IDPS profiles are configured at the libraries ips-profile level.
To create a profile for the intrusion detection system, use the following command:
Admin@nodename# create libraries ips-profile <parameter>
Provide the following parameters:
|
Parameter |
Description |
|---|---|
|
name |
IPS profile name. |
|
description |
IPS profile description. |
|
filters |
Filters for selecting relevant signatures from IDPS signature library. |
To edit an existing IDPS profile, use the following command:
Admin@nodename# set libraries ips-profile <ips-profile-name> <parameter>
Using the following command, you can reconfigure the settings of the IDPS system signatures included in the rule:
Admin@nodename# set libraries ips-profile <ips-profile-name> override signature <signature-name> <parameters>
The following command allows you to return previously reconfigured parameters of the IDPS system signature to their original value:
Admin@nodename# set libraries ips-profile <ips-profile-name> override signature <signature-name> restore-default
To view information on all IDPS profiles, use the following command:
Admin@nodename# show libraries ips-profile
To display information about an individual IPS profile, use the following command:
Admin@nodename# show libraries ips-profile <ips-profile-name>
Example of creating an IDPS profile:
Admin@nodename# create libraries ips-profile name testipsprofile1 filters new enabled on value "threat > 2 AND owner = 'UserGate'" Admin@nodename# show libraries ips-profile testipsprofile1 name : testipsprofile1 filters : enabled : on value : threat > 2 AND owner = 'UserGate'
To remove an IDPS profile, use the following command:
Admin@nodename# delete libraries ips-profile <ips-profile-name>