Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Understanding Signature Databases

The signature database is one of the major components of the intrusion prevention system (IPS). This database includes signature definitions of attacks and applications that can be used to identify applications for tracking firewall policies, quality of service prioritization, and IPS.

The IPS signature database is stored on an IPS enabled device and contains definitions of predefined attack objects and groups. These attack objects and groups are designed to detect known attack patterns and protocol anomalies within the network traffic. You can configure attack objects and groups as match conditions in IPS policy rules.

The following download options are available in the signature database for the signature download:

  • Delta Download–Downloads only the updates from the previously downloaded version.

  • Full Download—Downloads the complete signature database; the download might take a longer amount of time.

All of the downloaded signatures are created in the system domain in read-only mode. The configurations that are downloaded are also saved in the system domain.

Security Director sends the full signature database update if any one of the following scenarios is true:

  • You install an older version of the signature files.

  • The corresponding diff files do not exist.

  • A signature file is added using the offline update.

You can perform an offline update of the signature database files by downloading the latest signature version from and storing it locally.

You can configure the signature database settings to install the latest signature on to the device. Once the latest signatures are available, you can use them to configure application services.