IDS Profiles are used to group signatures, which can then be applied to select applications.

Signatures can be enabled based on the severity rating of the signature. A higher score indicates an increased risk associated with the intrusion event. Severity is determined based on the following:
  • Severity specified in the signature itself
  • CVSS (Common Vulnerability Scoring System) score specified in the signature
  • Type-rating associated with the classification type
Exclusions are set per severity level. They disable individual signatures, which reduces noise and improves performance. Use exclusions to disable signatures:
  • That cause false positives
  • That are noisy
  • That are irrelevant to the protected workloads
The default IDS profile includes critical severities and cannot be edited.

Procedure

  1. Navigate to Security > Distributed IDS > Profiles.
  2. Enter a profile name and description.
  3. Click one or more of the severities you want to include.
    See IDS Severity Ratings for more information.
  4. To exclude a severity, click Select under Signatures to Exclude. You can now view and exclude the signatures included in that severity level. Click Add to add a signature to the exclusion list. The following information is provided for each signature:
    Variable: Description
    • Signature ID: Identification number that references individual signatures.
    • Details: Describes the threat.
    • Product Affected: Shows what product is vulnerable to the exploit.
    • Attack Target: Target of the attack.
    • IDS Severity: Indicates the severity of the signature. For more details, see IDS Severity Ratings.
    • CVSS (Common Vulnerability Scoring System): CVSS is a framework for rating the severity of security vulnerabilities in software. A CVSS base score of 0.0-3.9 is considered low severity. A CVSS base score of 4.0-6.9 is medium severity. A CVSS base score of 7.0-10.0 is high severity.
    • CVE (Common Vulnerability Enumeration): Common Vulnerability Enumeration (CVE) is a dictionary of publicly known information security vulnerabilities and exposures.
    • Category: Type of attack.
  5. Click Save.
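
A planned profile can be checked before it is entered in the UI. The following Python script is an added example, not part of the original page and not VMware code: it works out which signatures a profile leaves enabled and flags exclusions that deserve review, using the CVSS bands from the table above. The record layout, the severity label names, the function names, and the rule that an exclusion only counts under an included severity are assumptions of this example; the signature data is constructed.

```python
# Added example, not VMware code. Signature records are constructed sample data.
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    sig_id: int      # Signature ID
    severity: str    # IDS Severity (label names here are assumptions)
    cvss: float      # CVSS base score
    product: str     # Product Affected

def cvss_band(score):
    """Map a CVSS base score to the bands given in the signature table."""
    if score >= 7.0:
        return "high"
    return "medium" if score >= 4.0 else "low"

def resolve_profile(signatures, severities, exclusions):
    """Return (enabled IDs, findings); exclusions is {severity: set of IDs}."""
    by_id = {s.sig_id: s for s in signatures}
    excluded, findings = set(), []
    for sev, ids in exclusions.items():
        for sid in sorted(ids):
            sig = by_id.get(sid)
            if sig is None:
                findings.append((sid, "unknown signature ID"))
            elif sig.severity != sev:
                findings.append((sid, f"listed under {sev}, signature is {sig.severity}"))
            elif sev not in severities:
                findings.append((sid, f"{sev} is not included in the profile"))
            else:
                excluded.add(sid)
                if cvss_band(sig.cvss) == "high":
                    findings.append((sid, "high CVSS excluded: record the reason"))
    enabled = sorted(s.sig_id for s in signatures
                     if s.severity in severities and s.sig_id not in excluded)
    return enabled, findings

SAMPLE = [  # constructed inventory, not real signature IDs
    Signature(9000001, "critical", 9.8, "example-web-server"),
    Signature(9000002, "critical", 5.0, "example-database"),
    Signature(9000003, "high", 7.5, "example-mail-server"),
    Signature(9000004, "medium", 4.3, "example-cms"),
]

if __name__ == "__main__":
    plan = {"critical": {9000001, 9000002}, "high": {9000004}, "medium": {9000004}}
    print(resolve_profile(SAMPLE, {"critical", "high"}, plan))
```

Each finding is a (signature ID, note) pair; keeping that list with the change record documents why a high-CVSS signature was silenced.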

What to do next

Create IDS rules.