you should verify 3 points ,
- you want to create a string signiture .
- you want to create a connection based signiture .
- you want to costumize exsiting general signitures .
now ,
if u want to create string based signiture you can do as follow :
on cspm or likewise cisco works vms :
- go to sensor signiture menu.
- go to your active signiture template.
- go to signitures menu.
- go to string signiture menu.
- click add .
- enter the strign name .( ie . i wanna monitor all user which enter the word xxx in their IE sessions ; i enter here "xxx" as string .
- specify port .( here 80 ,you may know 80 is http ;) )
-direction : to and from .
- enable
- action : IP LOG ,or block or what e
-ok
-continue
- save
- update
- command /approve
- ok ok
now test it somehow .
-----------------------------------------------------------
u wanna create a connection based :
go to connection signiture this beside and add u'r interest simply.
-----------------------------------------------------------
if u wanna do more professional manipulation u should go to sensor :
/user/nrg/
bye