Expression (Boolean expression)

Using the boolean expression field disables the ordered match function. The boolean expression field makes use of the member name or member index properties. The following three boolean operators are supported along with parenthesis, which helps determine precedence:

• or—If either of the member name patterns match, the expression matches.
• and—If both of the member name patterns match, the expression matches. It does not matter which order the members appear in.
• oand (ordered and)—If both of the member name patterns match, and if they appear in the same order as specified in the boolean expression, the expression matches.

Suppose you have created six signature members, labelled s1-s5. Suppose you know that the attack always contains the pattern s1, followed by either s2 or s3. You also know that the attack always contains s4 and s5, but their positions in the attack can vary. In this case, you might create the following boolean expression: ((s1 oand s2) or (s1 oand s3)) and (s4 and s5)

Note: You can either define an ordered match or an expression (not both) in a custom attack definition.

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.