Advanced intrusion detection administration, Manage signatures, Figure 68 generating new signature set – Raritan Computer COMMANDCENTER NOC User Manual

Page 65

background image

C

HAPTER

3:

CONFIGURING INTRUSION DETECTION

53

Advanced Intrusion Detection Administration

Advanced administration assists in fine tuning the set of signatures that an intrusion detection
application will use to detect intrusion traffic on the network.

Manage Signatures

The Manage Signatures page allows you to disable specific signatures on a per-appliance basis.
This allows you to disable signatures that may produce false-positive alerts because of conditions
on your network. These settings will take precedence over the broader categories that may be
selected in the Signature Profiler.
1. Click on the Admin

tab in the top navigation bar.

2. Click Intrusion Detection Configuration.
3. Click Advanced Security Administration.
4. Click Manage Signatures.

Figure 67 Selecting an Intrusion Detection Appliance for Changing Signature Set

5. Select the appliance you wish to enable/disable signatures for by clicking configure next to it.

Figure 68 Generating New Signature Set

6. After you have finished making any changes to the signature set, you will need to manually

generate a new signature set so that the appliance will get the latest settings. Click generate
new signature set
at the bottom of the screen to generate the signature set.

Within several minutes, the signatures will be generated and the CC-NOC will load the new
settings and continue to monitor for security events.