Filter
Top Products
38-21
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 38 Defining IPS Signatures
Configuring Signatures
Step 5 Change the settings as desired, then click OK to save your changes. You are returned to the Edit
Signature dialog box.
Step 6 Click OK in the Edit Signature dialog box to save your changes to the signature.
Tip If you decide that your edits did not have the desired effect, or you suspect that you made a
mistake, you can click the Restore Defaults button in the Edit Signature dialog box to erase your
changes. You can then start over.
Edit Signature Parameters Dialog Box
Use the Edit Signature Parameters dialog box to edit (also called tune) the built-in micro-engine
parameters for a particular signature. Different engines have different parameters, so the appearance of
the Edit Signature Parameters dialog box varies. For more information about editing signature
parameters, see Editing Signature Parameters (Tuning Signatures), page 38-19.
The Edit Signature Parameters dialog box contains a folder tree structure, with the parameter names in
the left side tree, and the values of the parameters shown on the right side.
Values that you can change contain a little box in the name; this is a check box. An empty check box
indicates that the default value is being used for the parameter. Check the check box to configure that
parameter. Click the value field to change the parameter. A green check indicates that a user-defined
value is being used. Click the green check to change the value back to the default. (Editing the field
typically adds a check mark to the box.)
To change a parameter, click in the associated filed in the right side. The behavior of clicking on a
parameter differs based on the parameter type:
• Read-only parameters—Many parameters are read-only and cannot be changed, such as signature
ID. Clicking these parameters typically has no effect, although parameter lists will open a dialog
box (such as the Obsoletes list).
• Text or Numeric parameters—When you click a parameter that requires that you type in a value,
whether alphanumeric or numeric, the field becomes an edit box. Type in the desired value and either
press enter or click outside the edit box.
• Predefined value parameters—Many parameters have a small set of possible values, such as Yes/No.
When you click these parameters, you activate a drop-down list. Select the desired option and click
outside the field.
• List parameters—Some parameters contain a list of items. These parameters are represented by a
pencil icon in the parameter value along with a word, such as Set or List. When you click in the field,
a dialog box opens where you can configure the list associated with the item. The Meta engine
component list is an example; for more information, see Editing the Component List for Meta
Engine Signatures, page 38-25.
• Variable parameters—Some parameters allow you to select policy objects to identify the contents of
the parameters. For example, you can select port list objects to identify ports in some signature
engines. When you click these parameters, an edit box with a Select button appears. You can type
the items directly into the edit box, including the name of the policy object, or click Select to select
the policy object from a list or to create a new object.