Symantec 10521146 Administration Guide - Page 180
About user-defined signatures, Managing signatures, the title, severity
UPC - 037648268134
View all Symantec 10521146 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 180 highlights
180 Detecting Configuring signature detection Symantec Network Security uses signatures as a compliment to PAD. The combination provides robust detection without the weaknesses of either PAD alone or signatures alone. Symantec Network Security's high performance is maintained by matching against the smallest set of signatures as is possible given the current context. Since many threats are detected and refined through the PAD functionality, Symantec Network Security minimizes the set of required signatures to maximize performance. Symantec Network Security also uses methods of rapid response in creating signatures that detect attempts to exploit new vulnerabilities as soon as they hit the network, independent of the exploit tool. This results in earlier prevention of threats and more complete coverage. About user-defined signatures The Network Security console provides a way to configure and enable additional user-defined signatures on a per-sensor basis, as well as global signature variables, such as creating the variable name port to stand for a value of 2600. User-defined signatures are synchronized across clusters so that each node has the title, severity, and definition of the user-defined signature. SuperUsers can create, define, edit, and delete user-defined signatures. All users can view them. Note: SuperUsers and Administrators can view and create user-defined signatures; StandardUsers and RestrictedUsers can view only. See "User groups reference" on page 319 for more about permissions. Managing signatures The Network Security console provides a way to configure and enable your own user-defined signatures on a per-sensor basis. You can also define variables, such as creating the variable name port to stand for a value of 2600. This section includes the following topics: ■ Viewing signatures ■ Adding or editing user-defined signatures ■ Deleting user-defined signatures ■ Adding new signature variables ■ Importing user-defined signatures ■ Resolving signature compile errors ■ Managing signature variables