Cisco FirePOWER Appliance 7010
FireSIGHT System User Guide
Chapter 32 Understanding and Writing Intrusion Rules
Understanding Keywords and Arguments in Rules
You can use the following procedure to specify a GTP information element.
To specify a GTP information element:
Access: Admin/Intrusion Admin
Step 1 On the Create Rule page, select gtp_info in the drop-down list and click Add Option.
The gtp_info keyword appears.
Step 2 Specify a single defined decimal value 0 to 255 for the information element, or a single defined string. See the table for values and strings recognized by the system.
Modbus Keywords
License: Protection
You can use Modbus keywords to point to the beginning of the Data field in a Modbus request or response, to match against the Modbus Function Code, and to match against a Modbus Unit ID. You can use Modbus keywords alone or in combination with other keywords such as content and byte_jump.
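The following added example (not from the Cisco guide) parses a Modbus/TCP frame to show where the Unit ID, Function Code and Data field sit, and why a content match anchored at the Data field differs from one over the whole packet. The names parse_modbus_tcp and matches are hypothetical, and the sample frames are constructed.

```python
import struct

MBAP_LEN = 7  # transaction ID (2) + protocol ID (2) + length (2) + unit ID (1)

def parse_modbus_tcp(frame: bytes) -> dict:
    """Split one Modbus/TCP frame into unit ID, function code and Data field."""
    if len(frame) < MBAP_LEN + 1:
        raise ValueError("too short for MBAP header plus function code")
    _tid, proto, length, unit_id = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0:
        raise ValueError("protocol identifier is not 0, not Modbus")
    end = 6 + length  # length counts the unit ID byte and everything after it
    if length < 2 or end > len(frame):
        raise ValueError("MBAP length field disagrees with frame size")
    func = frame[MBAP_LEN]
    return {
        "unit_id": unit_id,
        "function_code": func,
        "is_exception": bool(func & 0x80),  # responses set the high bit on error
        "data_offset": MBAP_LEN + 1,        # first byte of the Data field
        "data": frame[MBAP_LEN + 1:end],
    }

def matches(frame, unit=None, func=None, content=None) -> bool:
    """Hypothetical helper: test unit ID, function code, and bytes in Data only."""
    try:
        pdu = parse_modbus_tcp(frame)
    except ValueError:
        return False  # malformed frames never match
    if unit is not None and pdu["unit_id"] != unit:
        return False
    if func is not None and pdu["function_code"] != func:
        return False
    return content is None or content in pdu["data"]

# Constructed samples: a Write Single Register request and an exception response.
WRITE_REG = bytes.fromhex("000100000006" "01" "06" "0001" "0003")
EXCEPTION = bytes.fromhex("000100000003" "01" "86" "02")

if __name__ == "__main__":
    print(parse_modbus_tcp(WRITE_REG))
    # Bytes 01 06 occur in the header (unit ID, function code) but not in Data.
    print(matches(WRITE_REG, unit=1, func=6, content=b"\x00\x03"))
    print(matches(WRITE_REG, func=6, content=b"\x01\x06"))
```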
See the following sections for more information:
Table 32-41 GTP Information Elements (continued)

Value  Version 0              Version 1                             Version 2
191    N/A                    evolved_allocation1                   N/A
192    N/A                    evolved_allocation2                   N/A
193    N/A                    extended_flags                        N/A
194    N/A                    uci                                   N/A
195    N/A                    csg_info                              N/A
196    N/A                    csg_id                                N/A
197    N/A                    cmi                                   N/A
198    N/A                    apn_ambr                              N/A
199    N/A                    ue_network                            N/A
200    N/A                    ue_ambr                               N/A
201    N/A                    apn_ambr_nsapi                        N/A
202    N/A                    ggsn_backoff_timer                    N/A
203    N/A                    signalling_priority_indication        N/A
204    N/A                    signalling_priority_indication_nsapi  N/A
205    N/A                    high_bitrate                          N/A
206    N/A                    max_mbr                               N/A
251    charging_gateway_addr  charging_gateway_addr                 N/A
255    private_extension      private_extension                     private_extension