Edit, Clone, and Delete IPS Signature Dynamic Groups

Users with the tenant administrator role or a custom role with appropriate IPS tasks can edit, clone, or delete IPS signature dynamic groups.

Edit IPS Signature Dynamic Groups

You can edit only customized IPS signature dynamic groups and not predefined (system-generated) dynamic groups.

Procedure

1. Select Configuration > IPS > IPS Signatures.

   The IPS Signatures page appears.

2. Select a customized IPS signature dynamic group and click the edit (pencil) icon.

   The Edit IPS Signature Dynamic Group page appears, displaying the same fields that are presented when you create an IPS signature dynamic group.

3. Modify the IPS signature dynamic group fields as needed. See Create IPS Signature Dynamic Groups.

   Note You can modify all fields except the name.

4. (Optional) Click Preview Filtered Signatures to check if the signatures that match the dynamic group are consistent with the filter criteria that you specified.

   The IPS Signatures page appears displaying the list of IPS signatures matching the filters. If the signatures do not match, you can tweak the filter criteria as needed. Click Close to go back to the previous page.

5. Click OK to save your changes.

   You are returned to the IPS Signatures page and a message indicating that the IPS signature dynamic group was successfully updated is displayed.

If the IPS signature dynamic group was used in an IPS or exempt rule that is deployed on the device (through the firewall policy), then the firewall policy is marked for deployment. You must deploy the firewall policy for the changes to take effect on the device.

Clone IPS Signature Dynamic Groups

Cloning enables you to easily create a new IPS signature dynamic group based on an existing one. You can clone predefined or customized IPS signature dynamic groups and modify the parameters as needed.

Procedure

1. Select Configuration > IPS > IPS Signatures.

   The IPS Signatures page appears.

2. Select an IPS signature dynamic group and select More > Clone.

   The Clone IPS Signature Dynamic Group page appears, displaying the same fields that are presented when you create an IPS signature dynamic group.

3. Modify the IPS signature dynamic group fields as needed. See Create IPS Signature Dynamic Groups.
4. (Optional) Click Preview Filtered Signatures to check if the signatures that match the dynamic group are consistent with the filter criteria that you specified.

   The IPS Signatures page appears displaying the list of IPS signatures matching the filters. If the signatures do not match, you can tweak the filter criteria as needed. Click Close to go back to the previous page.

5. Click OK to save your changes.

   You are returned to the IPS Signatures page and a message that the IPS signature dynamic group was successfully created is displayed.

After you clone an IPS signature dynamic group, you can use the dynamic group in an IPS or an exempt rule and reference the IPS profile (containing the rule) in a firewall policy that you can then deploy on the device.

Delete IPS Signature Dynamic Groups

Procedure

1. Select Configuration > IPS > IPS Signatures.

   The IPS Signatures page appears.

2. Select one or more customized IPS signature dynamic groups and click the delete (trash can) icon

   A warning message appears asking you to confirm the deletion.

3. Click Yes to proceed with the deletion.

   You are returned to the IPS Signatures page and a message indicating the status of the delete operation is displayed.

Related Documentation

• Create IPS Profiles