F5 Logo MyF5
Search
  1. MyF5 Home
  2. BIG-IP AFM: Network Firewall Policies and Implementations
  3. Protocol Security
  4. About protocol anomaly inspection
  5. Create protocol inspection items
Manual Chapter : Create protocol inspection items

Applies To:

Show Versions Show Versions

BIG-IP AFM

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
Manual Chapter

Create protocol inspection items

Add inspection items to create new inspections based on Snort signatures. You write signatures in Snort format. For information on writing Snort rules, see https://www.snort.org/documents.
  1. On the Main tab, click
    Security
    Protocol Security
    Inspection List
    .
    The Inspection List screen opens.
  2. Click
    New Signature
    .
  3. In the
    Name
     field, type a name for the signature.
  4. In the
    Description
     field, type a description.
  5. In the
    Signature Definition
     field, type the valid snort syntax.
    All remaining fields are optional. However, the default settings accept the signature, and may not be configured correctly for your inspection. Configure settings that are appropriate to your security stance and the detection you want to accomplish.
  6. Specify an action for the signature.
  7. Select whether to log the signature.
  8. Specify the accuracy for the signature.
  9. Specify the direction on which the signature is detected.
  10. Specify the performance impact for the signature.
  11. Specify the protocol on which the signature acts.
  12. Specify the risk level for the attack.
  13. In the
    Documentation
     field, type any documentation for the signature.
  14. In the
    Attack Type
     field, specify the attack type.
  15. In the
    References
     field, type any references for the signature.
  16. In the
    Reference Links
     field, type any reference links.
  17. In the
    Revision
     field, type the revision number.
  18. In the
    Systems
     field, type the systems affected by the signature.
  19. Specify the service to which the signature applies.
  20. Click
    Create
     to create the inspection item.
The signature is created and appears in the inspection list.
Assign the inspection item to an inspection profile to enable detection and the action associated with the inspection item.
To view user defined inspection items, you can select
yes
 from the
User Defined
 list on the Inspection Profile or Inspection List screens.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information