 |
Note: You can only create signature attack objects. Creating anomaly attack objects is not supported. |
To specify an attack object in an IDP policy, you can download predefined attack objects and use them as is or customize them.
Juniper Networks recommends that you download predefined attack objects, modify the attack definitions of the attack that you want to customize, and then use the modified definition in the CLI to create a new attack object.
Predefined attack objects are available as part of the security package provided by Juniper Networks. Once you download the security package, the predefined attack objects are available in the following file on your system: /var/db/idpd/sec-download/SignatureUpdate.xml. Use standard UNIX commands to copy the contents of this file and modify the XML definitions.
|
Note: You can only create signature attack objects. Creating anomaly attack objects is not supported. |
The configuration instructions in this topic describe how to create a custom attack object by modifying a predefined attack object. In this example, you create a custom FTP attack to detect a Juniper login. In the attack description, update the following:
Once you have configured the custom attack object, you can specify the attack as a match criteria in an IDP policy rule. For more information, see Defining Rules for an IPS Rulebase.
You can use either J-Web or the CLI configuration editor to create a custom attack object.
This topic contains:
