Chapter 3. Cisco Intrusion Detection and Prevention Signatures

Configuring Signatures and Alerts

Signatures are the foundation of IPS. This chapter shows you how to tune and configure signatures to control how the sensor behaves. There are default signatures, tuned signatures (default signatures that you have modified), and your own custom signatures. By default, all built-in signatures generate an alert when fired.

Frequent configuration tasks include enabling or disabling signatures and defining the actions that should occur upon firing.

To access the signatures for configuration, choose Configuration > Signature Definitions > Signature Configuration.

Here are the possible actions that you can configure in response to a signature firing:

Get CCSP IPS Quick Reference now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.