Signatures are the foundation of an intrusion prevention system (IPS). This chapter shows you how to tune and configure signatures to control how the sensor behaves. There are default signatures, tuned signatures (default signatures that you have modified), and your own custom signatures. Most built-in signatures generate an alert when fired.
Event actions can be defined either per signature, or as part of an event action override policy. When possible, it is simpler to manage using the policy.
Frequent configuration tasks include enabling or disabling signatures and defining the actions that should occur upon firing.
To access the signatures for ...