Terms you'll need to understand:
Signature engine parameters
Protected parameters
Required parameters
Master and local signature engine parameters
Built-in (default) signatures
Custom signatures
Signature engines
Regular expression (Regex) syntax
FlipAddr parameter
AlarmThrottle parameter
ThrottleInterval parameter
SummaryKey parameter
ChokeThreshold parameter
State machines
State machine transitions
Techniques and concepts you'll need to master:
Alarm severity levels
Alarm summarization with the AlarmThrottle parameter
Automatic alarm summarization with the ChokeThreshold parameter
Recognizing signature responses
Selecting a signature engine
Signatures form the core of the Cisco Secure Intrusion Detection System (IDS). This chapter describes how signatures are structured and the various ways that they are categorized. It then discusses signature engines, which support multiple signatures in a specific category, and covers signature engine characteristics and features (including alarm configuration) as well as the full range of Cisco signature engines and their key parameters. The chapter also discusses the severity and alarm levels associated with each signature. Finally, we list and describe the Cisco Secure IDS signature engine series.