Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

About the IPS Signatures Page

 

To access this page, select Configure > IPS > IPS Signature.

Use intrusion prevention system (IPS) signatures to monitor and prevent intrusions. IPS compares traffic against signatures of known threats and blocks traffic when a threat is detected.

Tasks You Can Perform

  • View the details of an IPS signature—Select an IPS signature and click More > Details, or mouse over the IPS signature and click the Detailed View icon. The IPS Signature Details View page appears. See Table 2 for an explanation of fields on this page.

  • View the details of an IPS signature static group—Select an IPS signature static group and click More > Details, or mouse over the IPS signature static group and click the Detailed View icon. The IPS Static Group Details page appears. See Table 3 for an explanation of fields on this page.

  • View the details of an IPS signature dynamic group—Select an IPS signature dynamic group and click More > Details, or mouse over the IPS signature dynamic group and click the Detailed View icon. The IPS Signature Dynamic Details View page appears. See Table 4 for an explanation of fields on this page.

  • Create an IPS signature—See Create IPS Signatures.

  • Create an IPS signature static group—See Create IPS Signature Static Groups.

  • Create an IPS signature dynamic group—See Create IPS Signature Dynamic Groups.

  • Edit, clone, or delete an IPS signature—See Edit, Clone, and Delete IPS Signatures.

  • Edit, clone, or delete an IPS signature static group—See Edit, Clone, and Delete IPS Signature Static Groups.

  • Edit, clone, or delete an IPS signature dynamic group—See Edit, Clone, and Delete IPS Signature Dynamic Groups.

  • Search for IPS signatures, static groups or dynamic groups by using keywords—Click the search icon and enter the search term in the text box and press Enter. The search results are displayed on the same page.

  • Filter IPS signatures, static groups or dynamic groups—Click the filter icon (funnel) and specify one or more filtering criteria. The filtered results are displayed on the same page.

  • Sort IPS signatures, static groups or dynamic groups—Click a column name to sort the data in the grid (table) based on the column name.

    Note

    Sorting is applicable only to some fields.

  • Show or hide columns—Click the Show Hide Columns icon at the top right corner of the page and select the columns that you want displayed on the page.

Field Descriptions

Table 1 describes the field on the IPS Signatures page.

Table 1: Fields on the IPS Signatures Page

Field

Description

Name

Name of the IPS signature, IPS signature static group, or IPS signature dynamic group.

Severity

Severity level of the attack that the signature will report.

Category

Category of the attack object.

Object Type

Displays the type of attack object:

  • Static Group

  • Dynamic Group

  • Signature

  • Protocol Anomaly

  • Compound Attack

Recommended

Indicates whether the attack objects are recommended by Juniper (True) or not (False).

Action

Action taken when the monitored traffic matches the attack objects specified in the IPS rules.

Definition Type

Displays whether the IPS signature, static group, or dynamic group was created by CSO (Predefined) or user-created (Custom).

CVE

Displays the Common Vulnerabilities and Exposures (CVE) identifier or name associated with the threat.

CERT

Displays the computer emergency response team (CERT) advisory number associated with the threat.

BUG

Displays the list of bugs that are related to the signature attack.

False Positives

Displays the frequency with which the attack produces a false positive on your network.

Service

Protocol or service that the attack uses to enter your network.

Performance Impact

Performance impact of the IPS signature.

Direction

Direction of the traffic for which the attack is detected; for example, client to server.

Table 2: Fields on the IPS Signature Details View Page

Field

Description

Name

Name of the IPS signature.

Description

Description of the IPS signature.

URL(s)

Displays the URLs that have the details about the signature attack. For example, http://www.faqs.org/rfcs/rfc2865.html.

Category

See Table 1.

Recommended

See Table 1.

Action

See Table 1.

Keywords

Keywords associated with the IPS signature.

Severity

See Table 1.

BUGS

See Table 1.

CERT

See Table 1.

CVE

See Table 1.

Signature Details

 

Binding

Protocol or service that the attack uses to enter your network.

Service

For service binding, displays the service the attack uses to enter your network.

Time Count

Number of time that IPS detects the attack in a specified time scope.

Signature

Displays (in a table) the signature attack objects configured as part of the IPS signature. For each row, the following fields are displayed:

  • No.—Unique identifier for the signature attack object.

  • Context—Attack context, which defines the location of the signature where IPS should look for the attack.

  • Direction—Connection direction of the attack.

  • Pattern—Signature pattern (in Juniper’s proprietary regular expression syntax) of the attack to be detected.

  • Regex—Regular expression to match malicious or unwanted behavior over the network.

  • Negated—Indicates whether the pattern should be excluded from being matched (true) or not (false).

Anomaly

Displays (in a table) the protocol anomaly attack objects configured as part of the IPS signature. For each row, the following fields are displayed:

  • No.—Unique identifier for the anomaly.

  • Anomaly—Protocol or service for which the anomaly is defined.

  • Direction—Connection direction of the attack.

Table 3: Fields on the IPS Static Group Details Page

Field

Description

Name

Name of the IPS signature static group.

Description

Description of the IPS signature static group.

Group Members

Displays the IPS signatures or IPS signature dynamic groups that are part of the IPS static group. See Table 1 for an explanation of the fields in the table.

To view the details, select a row, click More > Details, or mouse over a row and click the Detailed View icon. Depending on the object type, the IPS Signature Details View page or IPS Signature Dynamic Details View page appears. See Table 2 and Table 4 for an explanation of the fields on these pages.

Table 4: Fields on the IPS Signature Dynamic Details View Page

Field

Description

Name

Name of the IPS signature dynamic group.

Severity

Severity filters used for the dynamic group.

Service

Services filters used for the dynamic group.

Category

Category filters used for the dynamic group.

Recommended

Indicates whether predefined attack objects recommended by Juniper are added to the dynamic group (true) or not (false).

Direction

Traffic direction (for which the attack is detected) filters used for the dynamic group.

Performance Impact

Performance impact filter used for the dynamic group.

False Positive

False positive filter used for the dynamic group.

Age of Attack

Age of the attack (in years) used as a filter for the dynamic group.

CVSS Score

Common Vulnerability Scoring System (CVSS) score used as a filter for the dynamic group.

File Type

File type of the attack used as a filter for the dynamic group.

Vulnerability Type

Vulnerability type of the attack used as a filter for the dynamic group.

Object Type

Type of object (anomaly or signature) used as a filter for the dynamic group.

Vendor Description

Vendor or product that the attack belongs to.

Related Documentation