Network Intrusion Detection System (NIDS)

Viewing the signature list

 

 

Viewing the signature list

To display the current list of NIDS signature groups and to view the members of a signature group:

1Go to NIDS > Detection > Signature List.

2View the names and action status of the signature groups in the list.

The NIDS detects attacks listed in all the signature groups that are checked in the Modify or Details column.

Note: The user-defined signature group is the last item in the signature list. See “Adding user- defined signatures” on page 224.

3Select View Details .to display the members of a signature group.

The Signature Group Members list displays the attack ID, Rule Name, and Revision number for each group member.

Viewing attack descriptions

Fortinet provides online information for all NIDS attacks. To view the FortiResponse

Attack Analysis web page for an attack listed on the signature list:

1Go to NIDS > Detection > Signature List.

2Select View Details .to display the members of a signature group. Select a signature and copy its attack ID.

3Open a web browser and enter this URL:

http://www.fortinet.com/ids/ID<attack-ID>

Remember to include the attack ID.

For example, to view the Fortinet Attack Analysis web page for the ssh CRC32 overflow /bin/sh attack (ID 101646338), use the following URL:

http://www.fortinet.com/ids/ID101646338

Note: Each attack log message includes a URL that links directly to the FortiResponse Attack Analysis web page for that attack. This URL is available from the Attack Log messages and Alert email messages. For information about log message content and formats, and about log locations, see the Logging Configuration and Reference Guide. To log attack messages, see “Logging attacks” on page 228.

Figure 34: Example signature group members list

FortiGate-100 Installation and Configuration Guide

223

Page 223
Image 223
Fortinet 100 user manual Viewing the signature list, Viewing attack descriptions, 223, Go to Nids Detection Signature List