IPS Overview

On Management > IPS Overview, you can check the overview of signatures that are used for network intrusion detection.

Default Signature Tab

This tab shows the following information about the default signatures.

• SID: Shows the unique ID of the signature.
• Signature Name: Shows the name of the signature. You can click on the name to change it. For more information, refer to IPS Policy > Default Signatures.
• CVE ID: Shows the vulnerability code relevant to the signature.
• Application Type: Shows the type of application that is exploited by the attack.
• Protected Area: Shows the area that is protected from the attack by the signature. (Available values: Operating System, Server Side Application, Client Side Application, Network Protocol, Database)
• Signature Used: Shows the number of agents that are using this signature. You can click on the number of agents to see details.
• Signature Recommended: Shows the number of agents that are recommended to use this signature. You can click on the number of agents to see details.
• New/Changed: Shows whether this signature has been recently added or changed within the last 30 days.
• Updated On: Shows the last update date of the signature.

Click on the Log () icon to see details about the signature and why it was created.

• Vulnerability Name: Shows the name of the network vulnerability.
• Category: Shows the area that is protected from the attack by the signature.
• CVE ID: Shows the vulnerability code relevant to the signature as designated by MITRE (http://cve.mirte.org).
• Severity: Shows the severity of the vulnerability.
• Path: Shows the patch that is infected by the vulnerability or the location of malware installation.
• Targeting: Shows the area that is targeted by the vulnerability.
• Summary: Shows a short description about the vulnerability for your understanding.
• Key Characteristics: Defines the key characteristics that identify the vulnerability.
• Recommended Action: Shows the recommended actions.
• Reference: Shows information you can read for reference.

Custom Signature Tab

This tab shows the following information about the custom signatures. Note that you can also import signatures in JSON format.

• SID: Shows the unique ID of the signature.
• Signature Name: Shows the name of the signature. You can click on the name to change it. For more information, refer to IPS Policy > Default Signatures.
• Application Type: Shows the type of application that is exploited by the attack.
• Protected Area: Shows the area that is protected from the attack by the signature. (Available values: Operating System, Server Side Application, Client Side Application, Network Protocol, Database)
• Signature Used: Shows the number of agents that are using this signature. You can click on the number of agents to see details.
• Updated On: Shows the last update date of the signature.

For information about adding custom signatures, refer to IPS Policy > Custom Signature.