Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ips signatures

According to CISCO doc, the signatures can be classified as exploit, connection and string-based.

Are the exploit signatures based on known vulnerabilities or exploit pattern, or both?

After tuning alerts on the relevant contexts, would manually matching the patterns in payload and signature provide more confidence with positives?

  • Intrusion Prevention Systems/IDS
2 REPLIES
Gold

Re: ips signatures

To which Cisco doc are you referring? Those classifications seem a bit nonsensical. It is not uncommon to see discussions around signatures that detect a specific exploit versus the vulnerability. In either case though, with signature based technology you are using patterns. Some are designed to detect a specific exploit of a vulnerability while others might detect any exploit of a vulnerability.

New Member

Re: ips signatures

1103

241
Views
0
Helpful
2
Replies
This widget could not be displayed.