McAfee HISCDE-AB-IA Product Guide - Page 40
Configuring IPS signatures, Menu | Policy | Policy Catalog, Host Intrusion Prevention: IPS, Product
View all McAfee HISCDE-AB-IA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 40 highlights
Configuring IPS Policies Define IPS protection Network IPS signatures Network-based intrusion prevention signatures detect and prevent known network-based attacks that arrive on the host system. They appear in the same list of signatures as the host-based signatures. Each signature has a description and a default severity level. With appropriate privilege levels, an administrator can modify the severity level of a signature. You can create exceptions for network-based signatures; however, you cannot specify any additional parameter attributes such as operating system user or process name. Advanced details contain network-specific parameters, for example IP addresses, which you can specify. Events generated by network-based signatures are displayed along with the host-based events in the Events tab and exhibit the same behavior as host-based events. To work with signatures, click the Signatures tab in the IPS Rules policy. Configuring IPS signatures Edit default signatures, add custom signatures, and move signatures to another policy from the Signatures tab of the IPS Rules policy. Task For option definitions, click ? in the interface. 1 Click Menu | Policy | Policy Catalog and select Host Intrusion Prevention: IPS in the Product list and IPS Rules in the Category list. The list of policies appears. 2 Under Actions, click Edit to make changes on the IPS Rules page, then click the Signatures tab. 3 Do any of the following: To... Find a signature in the list Edit a signature Do this... Use the filters at the top of the signatures list. You can filter on signature severity, type, platform, log status, whether client rules are allowed, or specific text that includes signature name, notes, or content version. Click Clear to remove filter settings. Under Actions, click Edit. • If the signature is a default signature, you can modify the Severity Level, Client Rules, or Log Status settings, and enter notes in the Note box to document the change. Click OK to save any modifications. Edited default signatures can be reverted to their default settings by clicking Revert under Actions. NOTE: When you edit a signature and save the change, the signature is resorted in the list. As a result, you might need to search the list to find the edited signature. • If the signature is a custom signature, modify the Severity Level, Client Rules, Log Status or Description settings, and enter notes in the Note box to document the change. Click OK to save any modifications. NOTE: You can make changes to several signatures at once, by selecting the signatures and clicking Edit 40 McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5