Creating custom signatures

Hi,

Can someone point me to some good documentation on creating custom signatures for the IDS 4235 sensor? The documentation CD is no good for creating custom signatures. Most of the fields in the signature wizard are not explained and I could not find explanations anywhere on the Cisco website.

For example, what are masks and how are they used with TCPFlags? What are StorageKeys (Axxx, AxBx, etc.) and how are they used? I do not see any documentation explaining these concepts.

Any help is highly appreciated.

Thank you,

Mo

1 Reply

owillins
Level 6

The following is a general parameter of the MASTER engine which applies to all signatures.

Parameter - event-count-key

Description - The storage type on which to count events for this signature.

Value - Meaning:

Axxx - Attacker address

AxBx - Attacker and victim addresses

Axxb - Attacker address and victim port

xxBx - Victim address

AaBb - Attacker and victim addresses and ports

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids11/cliguide/clisgeng.htm#wp1007746
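An added example, not part of the original reply and not Cisco code: it shows how the same stream of events produces different counts depending on which event-count-key value is chosen. The letter positions (A = attacker address, a = attacker port, B = victim address, b = victim port, x = unused) are inferred from the value list above; the events, field names and the `min_hits` threshold are constructed for illustration.

```python
from collections import Counter

# Position meaning inferred from the value list above (an assumption):
# A = attacker address, a = attacker port, B = victim address,
# b = victim port, x = field not used for counting.
FIELDS = ("attacker_addr", "attacker_port", "victim_addr", "victim_port")
VALID_KEYS = ("Axxx", "AxBx", "Axxb", "xxBx", "AaBb")


def ev(a_addr, a_port, v_addr, v_port):
    """Build one constructed event record."""
    return dict(zip(FIELDS, (a_addr, a_port, v_addr, v_port)))


# Constructed sample events (documentation address ranges), not sensor output.
EVENTS = [
    ev("192.0.2.10", 40001, "198.51.100.5", 80),
    ev("192.0.2.10", 40002, "198.51.100.5", 80),
    ev("192.0.2.10", 40003, "198.51.100.6", 80),
    ev("192.0.2.11", 40001, "198.51.100.5", 443),
    ev("192.0.2.10", 40001, "198.51.100.5", 80),
]


def bucket(event, key):
    """Reduce an event to the fields the key selects; 'x' positions become None."""
    if key not in VALID_KEYS:
        raise ValueError(f"unknown event-count-key value: {key!r}")
    return tuple(event[f] if ch != "x" else None for f, ch in zip(FIELDS, key))


def count_events(events, key):
    """Count events per storage bucket for the given key."""
    return Counter(bucket(e, key) for e in events)


def buckets_at_or_above(events, key, min_hits):
    """Buckets whose count reaches min_hits (hypothetical threshold)."""
    return {b: n for b, n in count_events(events, key).items() if n >= min_hits}


if __name__ == "__main__":
    for key in VALID_KEYS:
        print(key, dict(count_events(EVENTS, key)))
```

With these five events, Axxx puts four of them in one bucket, while AaBb never counts higher than two, so a narrow key can keep a count-based signature from reaching its threshold on traffic that a broad key would flag.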
