You have seen in this chapter how Cisco IDS alarms, signatures, signature engines, and their parameters work together to create a robust intrusion-detection solution. Alarms can be summarized to work optimally in your network environment, and you can use signature engines to add the set of comprehensive series of default signatures. When choosing a signature engine to create your custom signature, you should consider the network protocol, target address, port range, type of attack, and payload inspection.
