Link Search Menu Expand Document

Signature Profiles

Signature profiles enable you to configure rules that are downloaded from the signature set. Orchestrator provides a Default signature profile that includes default settings for the rules. It is automatically used across all appliances. You can create additional signature profiles and override the default rule settings by choosing different actions as needed.

By default, all rules included in the signatures list are enabled on all appliances where IPS is enabled. The default action is to drop traffic when a rule is triggered. However, for certain traffic or in some other cases, you might want to specify different actions for IPS to take.

  1. To open the Signature Profiles tab, click Signature Profiles on the Intrusion Detection/Prevention tab (Configuration > Overlays & Security > Security > IDS/IPS).

    img

  2. The Profile field indicates that rules for the Default signature profile are displayed on this tab. To change the displayed signature profile, select the appropriate profile from the Profile drop-down list.

    To create signature profiles, see Create a Signature Profile below.

  3. Use the Filter Rules field above the table to filter the list of rules. You can also use the filters to the right of the field to view rules by affected products, rule category, severity, and/or action.

  4. To set the response for a specific rule, select one of the following actions from the drop-down list in the Action column. For multiple rules, select the appropriate rule rows in the table, and then select an action from the Bulk Edit Filtered Rules drop-down list.

    • Drop: Drop the traffic when a matching signature condition exists for the source, destination, or both.

    • Inspect: Continue the traffic flow to the destination, but inspect the traffic for any anomalies.

    • Allow: Pass the traffic from the source.

    You can apply profiles to your appliances by clicking the Apply Profile link. For details, refer to the help information for the Intrusion Detection/Prevention tab.

Create a Signature Profile

When you create a signature profile, it will be selectable from the Profile drop-down list. Then you can change the rule actions for that profile as needed.

  1. Click the edit icon associated with the Profile field.

    The Signature Profiles dialog box opens.

  2. Click + Add.

    The Add Signature dialog box opens.

  3. In the Profile Name field, enter a signature profile name, and then click Ok.

    The new signature profile displays on the Signature Profiles dialog box.

  4. Click Save.

Back to top

© Copyright 2023 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.