Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
478
Views
5
Helpful
2
Replies

"component of" explaination

kutukutu9
Level 1
Level 1

‎08-29-2008 07:23 AM - edited ‎03-10-2019 04:16 AM

Why are some signatures a "component of" some other signature. Does this mean they depend on each other to work properly?

Example is Signature 5748/1

This is a component of meta signature 5748-0 and has no event actions of its own defined..

Labels:
0 Helpful
2 Replies 2

wsulym
Cisco Employee
Cisco Employee

‎08-29-2008 08:28 AM

Sortof...

The meta engine allows us to group a number of signatures together, and if say all of them fire, then we fire the meta sig.

The component signatures of a meta-signature may or may not individually be malicious. We tend to leave them set to not produce an alert, and add the sig string info line of "component of...." so you have visibility to the fact that its a component sig.

So if you look at the -0 sig, it's written using the meta engine, and in order for -0 to fire, the individual components -1 thru -5 must all fire within 3 seconds.

kutukutu9
Level 1
Level 1
In response to wsulym

‎08-29-2008 11:13 AM

Great thanks.. makes sense

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card