Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
Appendix B: Signature Engines
This appendix describes the IPS signature engines, and contains the following sections:
• Understanding Signature Engines
• Master Engine
• Regular Expression Syntax
• AIC Engine
• Atomic Engine
• Fixed Engine
• Flood Engine
• Meta Engine
• Multi String Engine
• Normalizer Engine
• Service Engines
• State Engine
• String Engines
• String XL Engines
• Sweep Engines
• Traffic Anomaly Engine
• Traffic ICMP Engine
• Trojan Engines
Understanding Signature Engines
A signature engine is a component of the Cisco IPS that is designed to support many signatures in a
certain category. An engine is composed of a parser and an inspector. Each engine has a set of parameters
that have allowable ranges or sets of values.
Note: The Cisco IPS engines support a standardized Regex.