IDS Profiles are used to group signatures, which can then be applied to select applications.
Signatures can be enabled based on the severity rating of the signature. A higher score indicates an increased risk associated with the intrusion event. Severity is determined based on the following:
- Severity specified in the signature itself
- CVSS (Common Vulnerability Scoring System) score specified in the signature
- Type-rating associated with the classification type
Exclusions are set per severity level and are used to disable signatures, reducing noise and improving performance. Exclusions are used to disable signatures:
- That cause false positives
- That are noisy
- That are irrelevant to the protected workloads
Procedure
- Navigate to .
- Enter a profile name and description.
- Click one or more of the severities you want to include.
- To exclude a severity, click select under Signatures to Exclude. You can now view and exclude the signatures included in that severity level. Click Add to add a signature to the exclusion list. The following information is provided for each signature:
| Variable |
Description |
| Signature ID |
Identification number that references individual signatures. |
| Details |
Describes the threat. |
| Product Affected |
Shows what product is vulnerable to the exploit. |
| Attack Target |
Target of the attack. |
| IDS Severity |
Indicates the severity of the signature. For more details, see IDS Severity Ratings. |
| CVSS (Common Vulnerability Scoring System) |
CVSS is a framework for rating the severity of security vulnerabilities in software. A CVSS base score of 0.0-3.9 is considered low severity. A CVSS base score of 4.0-6.9 is medium severity. A CVSS base score of 7.0-10.0 is high severity. |
| CVE (Common Vulnerability Enumeration) |
Common Vulnerability Enumeration (CVE), is a dictionary of publicly known information security vulnerabilities and exposures. |
| Category |
Type of attack. |
- Click Save.
What to do next
Create IDS rules.
