Upload custom signatures tool, Hints and tips – Raritan Computer COMMANDCENTER NOC User Manual

Page 66

background image

54

COMMANDCENTER NOC ADMINISTRATOR GUIDE

Upload Custom Signatures Tool

The Upload Custom Signatures page allows you to upload a specific set of rules that will be
sent to a specified Intrusion Detection appliance. This feature can be used to augment the set of
signatures that Raritan provides as part of the ongoing software updates for the appliance.
1. Click on the Admin

tab in the top navigation bar.

2. Click Intrusion Detection Configuration.
3. Click Advanced Security Administration.
4. Click Upload Custom Signatures.

Figure 69 Selecting an Intrusion Detection Appliance for Changing Signature Set

5. Click configure next to the appliance you wish to upload a specific set of signatures.

Figure 70 Selecting an Intrusion Detection Appliance for Changing Signature Set

6. Click Browse to open a custom signature file. The custom signature file that is uploaded must

adhere to these rules:

• Custom signatures must be in a file with one signature entry per line.
• Comment lines must begin with the "#" character.
• The signatures must be in Snort-compatible format, with no blank lines in the file.
• Click upload.
Hints and Tips:
• Custom signatures will take precedence over all stock signatures that are produced by the

Signature Profiler.

• The signatures will apply to incoming packets in the order that they appear in the file.
• You may upload multiple files containing signatures. The signatures will apply to incoming

packets in the order that the files were uploaded.

• To delete the current set of custom signatures for this appliance, click Delete All Custom

Signatures.

• Keep a backup of the signature files that you have uploaded; the only way to change custom

signature settings is to delete the existing custom signatures and upload a new set.

After you have uploaded new custom rules, it will take several minutes for the rules to be
activated by the Intrusion Detection service.