Creating a Signature Override

You can configure exceptions for the Intrusion Prevention System (IPS) by creating signature overrides. New overrides apply only to future events and won’t affect existing alerts.

To create a signature override:

  1. Go to Settings > Threat Protection > IPS Settings.
  2. Click the Signature Overrides tab.
  3. Click New Override.
  4. In the New Override window:
    • Signature: Select the signatures you want to inspect in your organization’s traffic. You can search for a signature by name or ID.
      • References: Filter your signature search by Common Vulnerabilities and Exposures (CVE) references.
      • CVSS Severity: Filter your signature search by Common Vulnerability Scoring System (CVSS) severity:
        • Critical
        • High
        • Medium
        • Low
        • None
      Figure: The References and CVSS Severity filters for the signature search.
    • Status: Select one of the following options.
      • Enabled: Enable matching for the signatures.
      • Disabled: Disable matching for the signatures.
    • Action: Select one of the following options.
      • Alert: Allow traffic and send alerts based on the signature match.
      • Block: Block traffic based on the signature match.

      If you enabled Alert Only Mode for signature matching, Alert is the default action, and you can’t modify this field.

  5. Click Save.

You can view these events on the Skope IT Alerts page.
