Add a Custom IPS Signature List

You can use the system-provided signature lists in custom IPS profiles to build your own custom IPS signature lists that fit your organization's specific needs.

Prerequisites

• Full admin access to the Secure Access dashboard. For more information, see Manage Accounts.

Procedure

1. Navigate to Secure > Profiles > IPS Profiles.

2. Click Add and enter a name for your custom signature list and choose either Detection or Prevention for Intrusion System Mode.

• Detection—Detect threats or attacks in your network that match your signature database. When Detection Only mode is used, your IPS settings can be tested on your network without affecting traffic. Signatures that would be blocked in Protection mode will be logged in Activity Search as "Allowed (Would Block)" under IPS Signatures.
• Prevention—Protect your network from known threats or attacks.

3. Under IPS Signature List Template, choose the signature list to apply these settings to.
4. Change which signatures are blocked, logged only, or ignored. Click the menu next to the signature you want to move and click Move to Block, Move to Log Only, or Move to Ignore. A prompt appears asking you to confirm your choice.

4. Click Move. The signature you moved is now within the section you chose.

5. Click Save to finish creating your custom signature list.

Reset a Signature's Action

1. Navigate to Secure > Profiles > IPS Profiles.
2. Under Custom IPS Signature Lists, click the list you want to edit. The list expands.
3. Click the More Actions menu and click View Overrides to view the list of signatures that have been moved.

4. Locate the signature you want to reset and click Reset to System Default for that signature. A prompt appears asking you to confirm your choice.

5. The signature you reset is now set back to its original action from the default list your custom list is based on.
6. Click Save to finish editing your custom signature list.

Manage IPS Profiles < Add a Custom IPS Signature List > Manage Security Profiles