Creating a Signature Override

You can configure exceptions for the Intrusion Prevention System (IPS) by creating signature overrides. New overrides only apply to future events and won’t affect existing alerts.

To create a signature override:

  1. Go to Settings > Threat Protection > IPS Settings.
  2. Click the Signature Overrides tab.
  3. Click New Override.
  4. In the New Override window:
    • Signature: Select the signatures you want to inspect in your organization’s traffic. You can search for a signature by name or ID.
      • References: Filter your signature search by Common Vulnerabilities and Exposures (CVE) references.
      • CVSS Severity: Filter your signature search by Common Vulnerability Scoring System (CVSS) severity:
        • Critical
        • High
        • Medium
        • Low
        • None
      • Traffic Type: If you have Cloud Firewall, filter your signature search by non-web or web traffic.
    Figure: The References, CVSS Severity, and Traffic Type filters for the Signature search.
    • Status: Select one of the following options.
      • Enabled: Enable matching for the signatures.
      • Disabled: Disable matching for the signatures.
      • Action: Select one of the following options.
        • Alert: Allow traffic and send alerts based on the signature match.
        • Block: Block traffic based on the signature match.

        If you enabled Alert Only Mode for signature matching, Alert is the default action, and you can’t modify this field.

  5. Click Save.

You can view these events in the Skope IT Alerts page.
