Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
204
Views
0
Helpful
1
Replies

CSA Question - Customizable Attack Signatures?

a.arndt
Level 3
Level 3

‎06-08-2004 10:26 AM - edited ‎03-09-2019 07:40 AM

Quick question about CSA, since I'm having no luck finding anything online (I used http://www.cisco.com/en/US/products/sw/secursw/ps5057/index.html as a start point).

Can you customize the attack signatures via either VMS or the MC for CSA?

Just curious...

Alex Arndt

Labels:
0 Helpful
1 Reply 1

pcomeaux
Cisco Employee
Cisco Employee

‎06-08-2004 11:29 AM

There's no signatures in CSA, only behavioral rules.

But you can add custom rules to CSA to accomplish almost any type of system control that you would like.

As an example, I recommend to customers to add a rule that blocks all outbound SMTP from hosts on their network. An exception to this may be a rule may be required for SMTP to their internal mail server.

The benefit to this rule is all new worms/viruses that try to spread themselves via SMTP will NOT be able to. Of course, the behaviors of the Worms and Viruses are usually caught and stopped by CSA prior to this rule being enforced. It's just an extra safeguard.

Hope this helps,

peter

0 Helpful
Customers Also Viewed These Support Documents