Manual Chapter :
Create protocol
inspection items
Applies To:
Show VersionsBIG-IP AFM
- 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
Create protocol
inspection items
Add inspection items to create new inspections
based on Snort signatures. You write signatures in Snort format. For information on
writing Snort rules, see https://www.snort.org/documents.
- On the Main tab, click.The Inspection List screen opens.
- ClickNew Signature.
- In theNamefield, type a name for the signature.
- In theDescriptionfield, type a description.
- In theSignature Definitionfield, type the valid snort syntax.All remaining fields are optional. However, the default settings accept the signature, and may not be configured correctly for your inspection. Configure settings that are appropriate to your security stance and the detection you want to accomplish.
- Specify an action for the signature.
- Select whether to log the signature.
- Specify the accuracy for the signature.
- Specify the direction on which the signature is detected.
- Specify the performance impact for the signature.
- Specify the protocol on which the signature acts.
- Specify the risk level for the attack.
- In theDocumentationfield, type any documentation for the signature.
- In theAttack Typefield, specify the attack type.
- In theReferencesfield, type any references for the signature.
- In theReference Linksfield, type any reference links.
- In theRevisionfield, type the revision number.
- In theSystemsfield, type the systems affected by the signature.
- Specify the service to which the signature applies.
- ClickCreateto create the inspection item.
The signature is created and appears in the inspection list.
Assign the inspection item to an inspection
profile to enable detection and the action associated with the inspection item.
To
view user defined inspection items, you can select
yes
from the User Defined
list on the
Inspection Profile or Inspection List screens.