Cisco Cisco FirePOWER Appliance 8360
25-48
FireSIGHT System User Guide
Chapter 25 Using Application Layer Preprocessors
Decoding the Session Initiation Protocol
Methods are case-insensitive. The method name can include alphabetic characters, numbers, and the
underscore character. No other special characters are permitted. Separate multiple methods with
commas.
underscore character. No other special characters are permitted. Separate multiple methods with
commas.
Because new SIP methods might be defined in the future, your configuration can include an
alphabetic string that is not currently defined. The system supports up to 32 methods, including the
21 currently defined methods and an additional 11 methods. The system ignores any undefined
methods that you might configure.
alphabetic string that is not currently defined. The system supports up to 32 methods, including the
21 currently defined methods and an additional 11 methods. The system ignores any undefined
methods that you might configure.
Note that, in addition to any methods you specify for this option, the 32 total methods includes
methods specified using the
methods specified using the
sip_method
keyword in intrusion rules. See
for
more information.
Maximum Dialogs within a Session
Specifies the maximum number of dialogs allowed within a stream session. If more dialogs than this
number are created, the oldest dialogs are dropped until the number of dialogs does not exceed the
maximum number specified; an event also triggers when rule 140:27 is enabled.
number are created, the oldest dialogs are dropped until the number of dialogs does not exceed the
maximum number specified; an event also triggers when rule 140:27 is enabled.
You can specify an integer from 1 to 4194303.
Maximum Request URI Length
Specifies the maximum number of bytes to allow in the Request-URI header field. A longer URI
triggers an event when rule 140:3 is enabled. The request URI field indicates the destination path or
page for the request.
triggers an event when rule 140:3 is enabled. The request URI field indicates the destination path or
page for the request.
Maximum Call ID Length
Specifies the maximum number of bytes to allow in the request or response Call-ID header field. A
longer Call-ID triggers an event when rule 140:5 is enabled. The Call-ID field uniquely identifies
the SIP session in requests and responses.
longer Call-ID triggers an event when rule 140:5 is enabled. The Call-ID field uniquely identifies
the SIP session in requests and responses.
Maximum Request Name Length
Specifies the maximum number of bytes to allow in the request name, which is the name of the
method specified in the CSeq transaction identifier. A longer request name triggers an event when
rule 140:7 is enabled.
method specified in the CSeq transaction identifier. A longer request name triggers an event when
rule 140:7 is enabled.
Maximum From Length
Specifies the maximum number of bytes to allow in the request or response From header field. A
longer From triggers an event when rule 140:9 is enabled. The From field identifies the message
initiator.
longer From triggers an event when rule 140:9 is enabled. The From field identifies the message
initiator.
Maximum To Length
Specifies the maximum number of bytes to allow in the request or response To header field. A longer
To triggers an event when rule 140:11 is enabled. The To field identifies the message recipient.
To triggers an event when rule 140:11 is enabled. The To field identifies the message recipient.
Maximum Via Length
Specifies the maximum number of bytes to allow in the request or response Via header field. A
longer Via triggers an event when rule 140:13 is enabled. The Via field provides the path followed
by the request and, in a response, receipt information.
longer Via triggers an event when rule 140:13 is enabled. The Via field provides the path followed
by the request and, in a response, receipt information.