Creating a Signature Override
You can configure exceptions for the Intrusion Prevention System (IPS) by creating signature overrides. New overrides apply only to future events and don't affect existing alerts.
To create a signature override:
- Go to Settings > Threat Protection > IPS Settings.
- Click the Signature Overrides tab.
- Click New Override.
- In the New Override window:
  - Signature: Select the signatures you want to inspect in your organization’s traffic. You can search for a signature by name or ID.
  - References: Filter your signature search by Common Vulnerabilities and Exposures (CVE) references.
  - CVSS Severity: Filter your signature search by the Common Vulnerability Scoring System (CVSS).
    - Critical
    - High
    - Medium
    - Low
    - None
  - Traffic Type: If you have Cloud Firewall, filter your signature search by non-web or web traffic.
  - Status: Select one of the following options.
    - Enabled: Enable matching for the signatures.
    - Disabled: Disable matching for the signatures.
  - Action: Select one of the following options.
    - Alert: Allow traffic and send alerts based on the signature match.
    - Block: Block traffic based on the signature match.

    If you enabled Alert Only Mode for signature matching, Alert is the default action, and you can’t modify this field.
- Click Save.
You can view these events in the Skope IT Alerts page.