Solved: Signature Fields Details

Bethuelle · ‎06-28-2011

Can someone please give me the meaning and use of the fields found under ENGINE. To be more precise, I'll like to know how to use the fields Src Addr Filter and Dst Addr Filter.

Thanks for your answers.

Dustin Ralich · ‎06-30-2011

Can someone please give me the meaning and use of the fields found under ENGINE.

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_signature_engines.html#wpmkr1183504

To be more precise, I'll like to know how to use the fields Src Addr Filter and Dst Addr Filter.

Detailed by the document in the URL I provided above. In short: EAFs (Event Action Filters) based on Attacker (source) and Victim (destination) IP addresses do not always function as expected for Sweep Engine signatures. To filter Sweep Engine signatures (based on source and/or destination IP addresses), you can use the Src Addr Filter and Dst Addr Filter parameters for the signature(s) itself.

View solution in original post

Dustin Ralich · ‎06-30-2011

Can someone please give me the meaning and use of the fields found under ENGINE.

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_signature_engines.html#wpmkr1183504

To be more precise, I'll like to know how to use the fields Src Addr Filter and Dst Addr Filter.

Detailed by the document in the URL I provided above. In short: EAFs (Event Action Filters) based on Attacker (source) and Victim (destination) IP addresses do not always function as expected for Sweep Engine signatures. To filter Sweep Engine signatures (based on source and/or destination IP addresses), you can use the Src Addr Filter and Dst Addr Filter parameters for the signature(s) itself.

Bethuelle · ‎07-01-2011

Thanks