Alternatively, you can manually add custom signatures to the NSX IDS/IPS system.

Procedure

  1. From the NSX Manager go to the Security > IDS/IPS & Malware Prevention (under Policy Management section).
  2. On the IDS/IPS & Malware Prevention page, go to the Signature Management tab and select Custom Signature.
  3. Click Add and choose the Manually Add option.
  4. In the Manually Add Custom Signatures window, click Add Signature.
  5. In the IDS Signature text field, copy-paste or enter a signature and click Add. This signature will be added to the currently selected signature bundle.
  6. On the Custom Signatures page, click Validate. If the signature is tagged as a Invalid or Warning signature, make the necessary correction, and re-validate. By default, Warning signatures are not published. You have to explicitly select a Warning signature if you want to publish it to the transport node and NSX Edges.
  7. Click Publish to push the signature to the transport nodes.
    Note:

    A signature that is validated but not yet published can be cancelled from the NSX Manager UI.