https://community.cisco.com/t5/network-security/ips-signatures/m-p/834591#M85410 <HTML><HEAD></HEAD><BODY><P>To which Cisco doc are you referring? Those classifications seem a bit nonsensical. It is not uncommon to see discussions around signatures that detect a specific exploit versus the vulnerability. In either case though, with signature based technology you are using patterns. Some are designed to detect a specific exploit of a vulnerability while others might detect any exploit of a vulnerability.</P></BODY></HTML> Wed, 31 Oct 2007 13:23:34 GMT mhellman 2007-10-31T13:23:34Z https://community.cisco.com/t5/network-security/ips-signatures/m-p/834590#M85408 <P>According to CISCO doc, the signatures can be classified as exploit, connection and string-based.</P><P></P><P>Are the exploit signatures based on known vulnerabilities or exploit pattern, or both?</P><P></P><P>After tuning alerts on the relevant contexts, would manually matching the patterns in payload and signature provide more confidence with positives?</P> Sun, 10 Mar 2019 10:51:14 GMT https://community.cisco.com/t5/network-security/ips-signatures/m-p/834590#M85408 mai2mai2m 2019-03-10T10:51:14Z https://community.cisco.com/t5/network-security/ips-signatures/m-p/834591#M85410 <HTML><HEAD></HEAD><BODY><P>To which Cisco doc are you referring? Those classifications seem a bit nonsensical. It is not uncommon to see discussions around signatures that detect a specific exploit versus the vulnerability. In either case though, with signature based technology you are using patterns. Some are designed to detect a specific exploit of a vulnerability while others might detect any exploit of a vulnerability.</P></BODY></HTML> Wed, 31 Oct 2007 13:23:34 GMT https://community.cisco.com/t5/network-security/ips-signatures/m-p/834591#M85410 mhellman 2007-10-31T13:23:34Z https://community.cisco.com/t5/network-security/ips-signatures/m-p/834592#M85414 <HTML><HEAD></HEAD><BODY><P>1103</P></BODY></HTML> Thu, 01 Nov 2007 02:51:12 GMT https://community.cisco.com/t5/network-security/ips-signatures/m-p/834592#M85414 yytdlvlei 2007-11-01T02:51:12Z