ON THIS PAGE
About the IPS Signatures Page
IPS compares traffic against signatures of known threats and blocks traffic when a threat is detected.
Use the IPS Signatures page to monitor and prevent intrusions using the signatures. You can view, create, modify, clone, and delete IPS signatures, IPS signature static groups, and IPS signature dynamic groups. You can delete only the customized IPS signatures, static groups, and dynamic groups that are not used in the IPS or exempt rules.
Tasks You Can Perform
-
View the details of an IPS signature—Select an IPS signature and click More > Detail, or mouse over the IPS signature, and click the Detailed View icon. The IPS Signature Details View page opens. See Table 2 for an explanation of fields on this page.
-
View the details of an IPS signature static group—Select an IPS signature static group and click More > Detail, or mouse over the IPS signature static group, and click the Detailed View icon. The IPS Static Group Details page opens. See Table 3 for an explanation of fields on this page.
-
View the details of an IPS signature dynamic group—Select an IPS signature dynamic group and click More > Detail, or mouse over the IPS signature dynamic group, and click the Detailed View icon. The IPS Signature Dynamic Details View page opens. See Table 4 for an explanation of fields on this page.
-
Create an IPS signature—See Create an IPS Signature.
-
Create an IPS signature static group—See Create an IPS Signature Static Group.
-
Create an IPS signature dynamic group—See Create an IPS Signature Dynamic Group.
-
Edit, clone, or delete an IPS signature—See Edit, Clone, and Delete an IPS Signature.
-
Edit, clone, or delete an IPS signature static group—See Edit, Clone, and Delete an IPS Signature Static Group.
-
Edit, clone, or delete an IPS signature dynamic group—See Edit, Clone, and Delete an IPS Signature Dynamic Group.
-
Search for IPS signatures, static groups, or dynamic groups by using keywords—Click the search icon, enter the search term in the text box, and press Enter. The search results are displayed on the same page.
-
Filter IPS signatures, static groups, or dynamic groups—Click the filter icon (funnel) and select one or more filtering criteria. The filtered results are displayed on the same page.
-
Sort IPS signatures, static groups, or dynamic groups—Click a column name to sort the data in the grid (table) based on the column name.
Note:Sorting is applicable only to some fields.
-
Show or hide columns—Click Show Hide Columns.
Field Descriptions
Table 1 describes the field on the IPS Signatures page.
|
Field |
Description |
|---|---|
|
Name |
The name of the IPS signature, IPS signature static group, or IPS signature dynamic group. |
|
Severity |
The severity level of the attack that the signature reports. |
|
Category |
The category of the attack object. |
|
CVE |
Displays the Common Vulnerabilities and Exposures (CVE) identifier or name associated with the threat. |
|
CVSS Score |
The Common Vulnerability Scoring System (CVSS) score used as a filter for the dynamic group. |
|
Activation Date |
The date when the IPS signature was activated. |
|
Type |
The type of IPS signature, which include:
|
|
Recommended |
Indicates whether the attack objects are recommended by Juniper Networks (True) or not (False). |
|
Action |
The action taken when the monitored traffic matches the attack objects added in the IPS rules. |
|
Predefined/Custom |
Indicates whether the IPS signature, static group, or dynamic group was system-generated (Predefined) or created by a user (Custom). |
|
CERT |
Displays the computer emergency response team (CERT) advisory number associated with the threat. |
|
BUG |
Displays the list of bugs that are related to the signature attack. |
|
False Positives |
Displays the frequency with which the attack produces a false positive on your network. |
|
Service |
The protocol or service that the attack uses to enter your network. |
|
Performance Impact |
The performance impact of the IPS signature. |
|
Direction |
The direction of the traffic for which the attack is detected, such as client to server. |
|
Field |
Description |
|---|---|
|
General Info |
|
|
Name |
The name of the IPS signature. |
|
Description |
The description of the IPS signature. |
|
URL(s) |
Displays the URLs that have the details about the signature attack. For example, http://www.faqs.org/rfcs/rfc2865.html. |
|
Category |
The category of the attack object. See Table 1. |
|
Recommended |
Indicates whether the attack objects are recommended by Juniper Networks (True) or not (False). See Table 1. |
|
Action |
The action taken when the monitored traffic matches the attack objects added in the IPS rules. See Table 1. |
|
Keywords |
The keywords associated with the IPS signature. |
|
Severity |
The severity level of the attack that the signature reports. See Table 1. |
|
BUGS |
Displays the list of bugs that are related to the signature attack. See Table 1. |
|
CERT |
Displays the computer emergency response team (CERT) advisory number associated with the threat. See Table 1. |
|
CVE |
Displays the Common Vulnerabilities and Exposures (CVE) identifier or name associated with the threat. See Table 1. |
|
Signature Details |
|
|
Binding |
The protocol or service that the attack uses to enter your network. |
|
Service |
For service binding, displays the service the attack uses to enter your network. |
|
Time Count |
The number of times that IPS detects the attack in a specified time scope. |
|
Match Assurance |
The positives filter to track attack objects based on the frequency that the attack produces a false positive on your network. |
|
Performance Impact |
The performance impact filter used for the IPS signature. |
|
Signature |
Displays (in a table) the signature attack objects configured as part of the IPS signature. For each row, the following fields are displayed:
|
|
Field |
Description |
|---|---|
|
Name |
The name of the IPS signature static group. |
|
Description |
The description of the IPS signature static group. |
|
Group Members |
Displays the IPS signatures or IPS signature dynamic groups that are part of the IPS static group. See Table 1 for an explanation of the fields in the table. To view the details, select a row, click More > Detail, or mouse over a row, and click the Detailed View icon. Depending on the object type, the IPS Signature Details View page or IPS Signature Dynamic Details View page opens. See Table 2 and Table 4 for an explanation of the fields on these pages. |
|
Field |
Description |
|---|---|
|
Name |
The name of the IPS signature dynamic group. |
|
Severity |
The severity filters used for the dynamic group. |
|
Service |
The service filters used for the dynamic group. |
|
Category |
The category filters used for the dynamic group. |
|
Recommended |
Indicates whether predefined attack objects recommended by Juniper Networks are added to the dynamic group (true) or not (false). |
|
Excluded |
Indicates whether predefined attack objects recommended by Juniper Networks are excluded from the dynamic group (true) or not (false). |
|
Direction |
The traffic direction filters used for the dynamic group. |
|
Performance Impact |
The performance impact filter used for the dynamic group. |
|
False Positive |
The false positive filter used for the dynamic group. |
|
Age of Attack |
The age of the attack in years used as a filter for the dynamic group. |
|
CVSS Score |
The Common Vulnerability Scoring System (CVSS) score used as a filter for the dynamic group. |
|
File Type |
The file type of the attack used as a filter for the dynamic group. |
|
Vulnerability Type |
The vulnerability type of the attack used as a filter for the dynamic group. |
|
Object Type |
The type of the object (anomaly or signature) used as a filter for the dynamic group. |
|
Vendor Description |
The vendor or product that the attack belongs to. |