IPS Signatures Overview
IPS compares traffic against signatures of known threats and blocks traffic when a threat is detected. Use the IPS Signatures page to monitor and prevent intrusions using the signatures. You can view, create, modify, clone, and delete IPS signatures, IPS signature static groups, and IPS signature dynamic groups. You can delete only the customized IPS signatures, static groups, and dynamic groups that are not used in the IPS or exempt rules.
To access this page, select SRX > Security Subscriptions > IPS > IPS Signature.
Table 1: Field Descriptions - IPS Signatures Page

| Field | Description |
|---|---|
| Name | The name of the IPS signature, IPS signature static group, or IPS signature dynamic group. |
| Severity | The severity level of the attack that the signature reports. |
| Category | The category of the attack object. |
| CVE | Displays the Common Vulnerabilities and Exposures (CVE) identifier or name associated with the threat. |
| CVSS Score | The Common Vulnerability Scoring System (CVSS) score used as a filter for the dynamic group. |
| Activation Date | The date when the IPS signature was activated. |
| Type | The type of IPS signature, which includes: |
| Recommended | Indicates whether the attack objects are recommended by Juniper Networks (True) or not (False). |
| Action | The action taken when the monitored traffic matches the attack objects added in the IPS rules. |
| Predefined/Custom | Indicates whether the IPS signature, static group, or dynamic group was system-generated (Predefined) or created by a user (Custom). |
| CERT | Displays the computer emergency response team (CERT) advisory number associated with the threat. |
| BUG | Displays the list of bugs that are related to the signature attack. |
| False Positives | Displays the frequency with which the attack produces a false positive on your network. |
| Service | The protocol or service that the attack uses to enter your network. |
| Performance Impact | The performance impact of the IPS signature. |
| Direction | The direction of the traffic for which the attack is detected, such as client to server. |
Table 2: Field Descriptions - IPS Signature Details View Page

| Field | Description |
|---|---|
| General Info | |
| Name | The name of the IPS signature. |
| Description | The description of the IPS signature. |
| URL(s) | Displays the URLs that have the details about the signature attack. For example, http://www.faqs.org/rfcs/rfc2865.html. |
| Category | The category of the attack object. See Table 1. |
| Recommended | Indicates whether the attack objects are recommended by Juniper Networks (True) or not (False). See Table 1. |
| Action | The action taken when the monitored traffic matches the attack objects added in the IPS rules. See Table 1. |
| Keywords | The keywords associated with the IPS signature. |
| Severity | The severity level of the attack that the signature reports. See Table 1. |
| BUGS | Displays the list of bugs that are related to the signature attack. See Table 1. |
| CERT | Displays the computer emergency response team (CERT) advisory number associated with the threat. See Table 1. |
| CVE | Displays the Common Vulnerabilities and Exposures (CVE) identifier or name associated with the threat. See Table 1. |
| Signature Details | |
| Binding | The protocol or service that the attack uses to enter your network. |
| Service | For service binding, displays the service the attack uses to enter your network. |
| Time Count | The number of times that IPS detects the attack in a specified time scope. |
| Match Assurance | The false positives filter used to track attack objects based on how frequently the attack produces a false positive on your network. |
| Performance Impact | The performance impact filter used for the IPS signature. |
| Signature | Displays (in a table) the signature attack objects configured as part of the IPS signature. For each row, the following fields are displayed: |
Table 3: Field Descriptions - IPS Static Group Details Page

| Field | Description |
|---|---|
| Name | The name of the IPS signature static group. |
| Description | The description of the IPS signature static group. |
| Group Members | Displays the IPS signatures or IPS signature dynamic groups that are part of the IPS static group. See Table 1 for an explanation of the fields in the table. To view the details, select a row and click More > Detail, or mouse over a row and click the Detailed View icon. Depending on the object type, the IPS Signature Details View page or IPS Signature Dynamic Details View page opens. See Table 2 and Table 4 for an explanation of the fields on these pages. |
Table 4: Field Descriptions - IPS Signature Dynamic Details View Page

| Field | Description |
|---|---|
| Name | The name of the IPS signature dynamic group. |
| Severity | The severity filters used for the dynamic group. |
| Service | The service filters used for the dynamic group. |
| Category | The category filters used for the dynamic group. |
| Recommended | Indicates whether predefined attack objects recommended by Juniper Networks are added to the dynamic group (true) or not (false). |
| Excluded | Indicates whether predefined attack objects recommended by Juniper Networks are excluded from the dynamic group (true) or not (false). |
| Direction | The traffic direction filters used for the dynamic group. |
| Performance Impact | The performance impact filter used for the dynamic group. |
| False Positive | The false positive filter used for the dynamic group. |
| Age of Attack | The age of the attack in years used as a filter for the dynamic group. |
| CVSS Score | The Common Vulnerability Scoring System (CVSS) score used as a filter for the dynamic group. |
| File Type | The file type of the attack used as a filter for the dynamic group. |
| Vulnerability Type | The vulnerability type of the attack used as a filter for the dynamic group. |
| Object Type | The type of the object (anomaly or signature) used as a filter for the dynamic group. |
| Vendor Description | The vendor or product that the attack belongs to. |