User manual

Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix B: Signature Engines
This appendix describes the IPS signature engines and contains the following sections:
Understanding Signature Engines
Master Engine
Regular Expression Syntax
AIC Engine
Atomic Engine
Fixed Engine
Flood Engine
Meta Engine
Multi String Engine
Normalizer Engine
Service Engines
State Engine
String Engines
String XL Engines
Sweep Engines
Traffic Anomaly Engine
Traffic ICMP Engine
Trojan Engines
Understanding Signature Engines
A signature engine is a component of the Cisco IPS that is designed to support many signatures in a
certain category. An engine is composed of a parser and an inspector. Each engine has a set of parameters
that have allowable ranges or sets of values.
Note: The Cisco IPS engines support a standardized Regex.