For Cisco FirePOWER Appliance 7125
FireSIGHT System User Guide
Chapter 32 Understanding and Writing Intrusion Rules
Filtering Rules on the Rule Editor Page
Using Character Strings in a Rule Filter
License: Protection
Each rule filter can include one or more alphanumeric character strings. Character strings search the rule Message field, Signature ID, and Generator ID. For example, the string 123 returns the strings "Lotus123", "123mania", and so on in the rule message, and also returns SID 6123, SID 12375, and so on. For information on the rule Message field, see . For information on rule SIDs and GIDs, see

All character strings are case-insensitive and are treated as partial strings. For example, any of the strings ADMIN, admin, or Admin return "admin", "CFADMIN", "Administrator" and so on.
Table 32-60 Rule Filter Keywords

| Keyword | Description | Example |
|---|---|---|
| arachnids | Returns one or more rules based on all or part of the Arachnids ID in a rule reference. See for more information. | arachnids:181 |
| bugtraq | Returns one or more rules based on all or part of the Bugtraq ID in a rule reference. See for more information. | bugtraq:2120 |
| cve | Returns one or more rules based on all or part of the CVE number in a rule reference. See for more information. | cve:2003-0109 |
| gid | The argument 1 returns standard text rules. The argument 3 returns shared object rules. See table for more information. | gid:3 |
| mcafee | Returns one or more rules based on all or part of the McAfee ID in a rule reference. See for more information. | mcafee:10566 |
| msg | Returns one or more rules based on all or part of the rule Message field, also known as the event message. See for more information. | msg:chat |
| nessus | Returns one or more rules based on all or part of the Nessus ID in a rule reference. See for more information. | nessus:10737 |
| ref | Returns one or more rules based on all or part of a single alphanumeric string in a rule reference or in the rule Message field. See for more information. | ref:MS03-039 |
| sid | Returns the rule with the exact Signature ID. See for more information. | sid:235 |
| url | Returns one or more rules based on all or part of the URL in a rule reference. See for more information. | url:faqs.org |
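
The following Python sketch is an added example, not code from the guide or from the FireSIGHT product. It models the matching semantics described above so the difference between a bare string such as 235 (partial match) and sid:235 (exact match) can be checked against a rule list offline. The rule records, the field names (gid, sid, msg, refs), the function names, and exact matching for gid are assumptions made for illustration.

```python
# Added illustration of the documented filter semantics; not Cisco code.
# Reference-system keywords from Table 32-60 that match part of a reference ID.
REF_KEYWORDS = {"arachnids", "bugtraq", "cve", "mcafee", "nessus", "url"}

# Constructed sample rules (hypothetical messages; reference IDs reuse the
# table's example values, the URL path is made up).
RULES = [
    {"gid": 1, "sid": 235, "msg": "Lotus123 macro",
     "refs": [("cve", "2003-0109")]},
    {"gid": 1, "sid": 6123, "msg": "CFADMIN login attempt",
     "refs": [("bugtraq", "2120")]},
    {"gid": 3, "sid": 12375, "msg": "chat client 123mania",
     "refs": [("url", "www.faqs.org/rfcs/rfc959.html")]},
    {"gid": 1, "sid": 2351, "msg": "Administrator share access MS03-039",
     "refs": [("nessus", "10737")]},
]

def contains(needle, haystack):
    """Case-insensitive partial match, as the guide describes."""
    return needle.lower() in str(haystack).lower()

def matches(rule, term):
    """Return True if one filter term selects the rule."""
    keyword, sep, arg = term.partition(":")
    keyword = keyword.lower()
    if not sep:
        # Bare character string: searches Message, SID and GID as a substring.
        return any(contains(term, rule[f]) for f in ("msg", "sid", "gid"))
    if keyword == "sid":
        return str(rule["sid"]) == arg          # exact Signature ID only
    if keyword == "gid":
        return str(rule["gid"]) == arg          # assumption: exact match
    if keyword == "msg":
        return contains(arg, rule["msg"])
    if keyword in REF_KEYWORDS:
        return any(system == keyword and contains(arg, value)
                   for system, value in rule["refs"])
    if keyword == "ref":
        # Any reference string, or the Message field.
        return contains(arg, rule["msg"]) or any(
            contains(arg, value) for _, value in rule["refs"])
    raise ValueError(f"unknown filter keyword: {keyword}")

def filter_sids(rules, term):
    """SIDs of the rules a single filter term returns, in list order."""
    return [r["sid"] for r in rules if matches(r, term)]
```

Against the constructed list, filter_sids(RULES, "235") returns SIDs 235 and 2351, while filter_sids(RULES, "sid:235") returns only 235.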