38-9
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter3 8 Defining IPS Signatures
Configuring Signatures
Replace Actions—The actions that you select completely replace those defined in the signature. To
open this dialog box, right-click the Actions cell of a signature and select Replace Actions With >
More.
Edit Actions—The actions that you select completely replace those defined in the signature. To open
this dialog box, right-click the Actions cell of a signature and select Edit Actions.
For an explanation of the available actions, see Understanding IPS Event Actions, page 39-2. You can
select multiple actions using Ctrl+click.
Note When you open dialog box, the list of actions that you see varies. The list of actions depends upon
whether you right-click in only one signature row in the Actions column or select more than one
signature row before right-clicking in the Actions column. If you right-click in only one signature row
in the Actions column, the list of actions is that of the engine for that signature. If you select more than
one signature row before right-clicking in the Actions column, the list of actions is that which is
available for each affected engine. (It is the list of common actions, not the union of actions.)

Edit Fidelity Dialog Box

Use the Edit Fidelity dialog box to make changes in the Fidelity Rating for a particular signature. The
Fidelity Rating, or Signature Fidelity Rating (SFR), identifies the weight associated with how well this
signature might perform in the absence of specific knowledge of the target. This rating can be any
number from 0 to 100, with 100 indicating the most confidence in the signature.
Navigation Path
In the Signatures policy, right-click the Fidelity cell in a signature and select Edit Fidelity. For
information on opening the Signatures policy, see Signatures Page, page 38-4. For more information on
the signature shortcut menu, see Signature Shortcut Menu, page 38-7.
Viewing Signature Update Levels
In Device view, you can determine the current signature update packages applied to the device in
Security Manager and compare it to the one deployed on the device.
Differences between the applied and deployed update levels can occur when:
The device is updated outside of Security Manager.
An update is applied to the policy in Security Manager but not yet published to the device.
During initial Security Manager deployment before the devices are under Security Manager control.
To view the signature update level, select the IPS > Signatures > Signatures policy for an IPS device
in Device view. Then, click the View Update Level button to open the Update Level dialog box.
The following table describes the information displayed in the dialog box.
Table38-3 Update Level Dialog Box
Element Description
Applied Level This column displays the patch level that is applied to this device in
Security Manager.