Chapter 3. Cisco Intrusion Detection and Prevention Signatures
Configuring Signatures and Alerts
Signatures are the foundation of an intrusion prevention system (IPS). This chapter shows you how to tune and configure signatures to control how the sensor behaves. There are default signatures, tuned signatures (default signatures that you have modified), and your own custom signatures. Most built-in signatures generate an alert when fired.
Event actions can be defined either per signature, or as part of an event action override policy. When possible, it is simpler to manage using the policy.
Frequent configuration tasks include enabling or disabling signatures and defining the actions that should occur upon firing.
To access the signatures for ...
Get CCNP Security IPS 642-627 Quick Reference, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.