38-20
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 38 Defining IPS Signatures
Configuring Signatures
Step 1 Do one of the following:
- (Device view) Select IPS > Signatures > Signatures from the Policy selector.
- (Policy view, IPS appliances and service modules) Select IPS > Signatures > Signatures, then
  select an existing policy or create a new one.
- (Policy view, Cisco IOS IPS devices) Select IPS (Router) > Signatures, then select an existing
  policy or create a new one.
The Signatures page appears; see Signatures Page, page 38-4.
Step 2 Right-click the signature whose parameters you want to edit and select Edit Row. The Edit Signature
dialog box appears (see Edit Signature or Add Custom Signature Dialog Boxes, page 38-12).
Step 3 If the Source Policy field shows Default, you must change it to Local or to the name of a shared policy
before you can edit the parameters. The Local option is available in Device view only, and makes your
changes apply to the device you are editing and to no other devices. If you select the name of a shared
policy, your changes apply to all devices that are assigned the policy.
Step 4 Click Edit Parameters. The Edit Signature Parameters dialog box appears.
The Edit Signature Parameters dialog box contains a folder tree structure, with the parameter names in
the left side tree, and the values of the parameters shown on the right side.
Parameters that you can change have a small check box in the name. An empty check box
indicates that the default value is being used for the parameter. Check the check box to configure that
parameter. Click the value field to change the parameter. A green check indicates that a user-defined
value is being used. Click the green check to change the value back to the default. (Editing the field
typically adds a check mark to the box.)
To change a parameter, click in the associated field on the right side. The behavior of clicking a
parameter differs based on the parameter type:
- Read-only parameters—Many parameters are read-only and cannot be changed, such as signature
  ID. Clicking these parameters typically has no effect, although parameter lists will open a dialog
  box (such as the Obsoletes list).
- Text or Numeric parameters—When you click a parameter that requires that you type in a value,
  whether alphanumeric or numeric, the field becomes an edit box. Type in the desired value and either
  press Enter or click outside the edit box.
- Predefined value parameters—Many parameters have a small set of possible values, such as Yes/No.
  When you click these parameters, you activate a drop-down list. Select the desired option and click
  outside the field.
- List parameters—Some parameters contain a list of items. These parameters are represented by a
  pencil icon in the parameter value along with a word, such as Set or List. When you click in the field,
  a dialog box opens where you can configure the list associated with the item. The Meta engine
  component list is an example; for more information, see Editing the Component List for Meta
  Engine Signatures, page 38-25.
- Variable parameters—Some parameters allow you to select policy objects to identify the contents of
  the parameters. For example, you can select port list objects to identify ports in some signature
  engines. When you click these parameters, an edit box with a Select button appears. You can type
  the items directly into the edit box, including the name of the policy object, or click Select to select
  the policy object from a list or to create a new object.
For more information about the Edit Signature Parameters dialog box, see Edit Signature Parameters
Dialog Box, page 38-21.