Filter
Top Products
54 COMMANDCENTER NOC ADMINISTRATOR GUIDE
Upload Custom Signatures Tool
The Upload Custom Signatures page allows you to upload a specific set of rules that will be
sent to a specified Intrusion Detection appliance. This feature can be used to augment the set of
signatures that Raritan provides as part of the ongoing software updates for the appliance.
1. Click on the Admin tab in the top navigation bar.
2. Click Intrusion Detection Configuration.
3. Click Advanced Security Administration.
4. Click Upload Custom Signatures.
Figure 69 Selecting an Intrusion Detection Appliance for Changing Signature Set
5. Click configure next to the appliance you wish to upload a specific set of signatures.
Figure 70 Selecting an Intrusion Detection Appliance for Changing Signature Set
6. Click Browse to open a custom signature file. The custom signature file that is uploaded must
adhere to these rules:
• Custom signatures must be in a file with one signature entry per line.
• Comment lines must begin with the "#" character.
• The signatures must be in Snort-compatible format, with no blank lines in the file.
• Click upload.
Hints and Tips:
• Custom signatures will take precedence over all stock signatures that are produced by the
Signature Profiler.
• The signatures will apply to incoming packets in the order that they appear in the file.
• You may upload multiple files containing signatures. The signatures will apply to incoming
packets in the order that the files were uploaded.
• To delete the current set of custom signatures for this appliance, click Delete All Custom
Signatures.
• Keep a backup of the signature files that you have uploaded; the only way to change custom
signature settings is to delete the existing custom signatures and upload a new set.
After you have uploaded new custom rules, it will take several minutes for the rules to be
activated by the Intrusion Detection service.