From the Network Security home page, click the Policy icon
in the navigation panel and select Intrusion Prevention Filtering.
The IPS Filters page lists 100 filters at a time from the threat intelligence packages
that you have loaded. Filters are listed by the month and year of their release, with
the most current filters listed first. Learn more about refining your searches.
Click a filter to see an overview of it, including:
- Information about the filter's function
- Release/modification dates
- Severity
- Source
- Category
- CVE identifications
Each filter comes configured with default recommended settings that determine how
the filter manages traffic. Some filters are disabled while others are enabled; some
might have permit actions assigned while others are set to block. To adjust the settings
to better suit your environment, you can customize the default settings.
Search filters
From the Intrusion Prevention Filtering page, enter text in the Search field to
refine the filters list according to criteria that are relevant to your
environment.
When you click the Search field, a search bar is displayed to help you refine your
search. You can use any combination of the following properties to build a compound
query that narrows your search:
- Customized - Specifies whether the filter you are seeking has been customized (`true`) or not (`false`).
- Date Released - Narrows your filter search according to whether it was released in the last 24 hours, 7 days, 30 days, 90 days, 180 days, 365 days, or within the date range that you specify.
- Date Modified - Narrows your filter search according to whether it was modified in the last 24 hours, 7 days, 30 days, 90 days, 180 days, 365 days, or within the date range that you specify.
- Description - Specifies keywords in the description of the filter you are seeking.
- Filter Name - Specifies keywords in the name of the filter you are seeking.
- Filter State - Specifies whether the filter you are seeking is `enabled` or `disabled`.
- Flow Control - Specifies whether the action set assigned to the filter you are seeking is `block`, `permit`, or `trust`.
- Latest Threat - Specifies whether the filter you are seeking is associated (`true`) or not (`false`) with malware that threat intelligence has deemed to be among the latest active threats.
- Log Event - Specifies whether the filter you are seeking generates a log event when triggered (`enabled`) or not (`disabled`).
- Protocol - Specifies the protocol of the filter you are seeking.
- Severity - Specifies whether the severity of the filter you are seeking is `Critical`, `Major`, `Minor`, or `Low`.
- Any - Narrows the search by keywords. Typing free text in the Search field is the same as selecting the Any property. All of the following fields get searched:

| Searchable Fields | Returned matches | Example |
|---|---|---|
| Category | Exact and Partial | "Cross-Site Scripting" |
| CVE | Exact and Partial | CVE-2015-0090 |
| Description | Partial | requests to Apache server |
| Filter Name | Partial | Synergy |
| Filter Number | Partial | 3103 |
| Platform | Exact and Partial | "Microsoft Windows 7" |
| Protocol | Exact | ms-sql |
| Severity | Partial | Critical |

None of the searchable fields are case-sensitive. For example, searching for `googledrive` returns filters that include `GoogleDrive RAT`.

Partial-match searches must include whole words. For example, a search on the word `Buffer` will return filter results that have the word "Buffer," but searching on `Buf` will not. For the Category, CVE, and Platform fields, partial-match searches also return values with periods (.) or slashes (/) in them. For example, searching on `Sunburst` returns results such as `Trojan.MSIL.Sunburst.A`.

If you are searching for a value that contains multiple words, enclose the words in double-quotes (`""`). For example, entering `"Microsoft Windows 7"` returns filters that include specifically Microsoft Windows 7; entering `"Red Hat Enterprise Linux"` returns filters with any versions of Red Hat Enterprise Linux.

You can also use the `GET /api/policies` API for exact-match searches and partial-match searches. Learn more about refining your searches using the API.

Clicking the Reset Search button to the right of the field clears the search text without refreshing the page.
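
The matching rules described above (case-insensitive, whole-word partial matches, periods and slashes as separators in the Category, CVE, and Platform fields, double-quoted multi-word values), modelled as an added example that is not the product's own code. The record layout, the sample filters, and the separator set are assumptions; the model is useful for checking why a query such as `Buf` returns nothing before concluding that no filter covers a threat.

```python
import re

# Match modes per searchable field, copied from the table on this page.
FIELD_MODES = {
    "category": ("exact", "partial"), "cve": ("exact", "partial"),
    "description": ("partial",), "name": ("partial",),
    "number": ("partial",), "platform": ("exact", "partial"),
    "protocol": ("exact",), "severity": ("partial",),
}
# Fields where periods and slashes also separate words.
DOT_SLASH_FIELDS = {"category", "cve", "platform"}

# Constructed sample records, not real filters.
FILTERS = [
    {"number": "90001", "name": "Example Buffer Overflow",
     "category": "Exploits", "platform": "Microsoft Windows 7",
     "protocol": "ms-sql", "severity": "Critical",
     "description": "Detects crafted requests to Apache server"},
    {"number": "90002", "name": "GoogleDrive RAT",
     "category": "Trojan.MSIL.Sunburst.A", "severity": "Major",
     "platform": "Red Hat Enterprise Linux 8", "protocol": "http"},
]

def words(text, field):
    """Lower-case a value and split it into whole words.
    The separator set is an assumption of this model."""
    seps = r"[\s,;:()./]+" if field in DOT_SLASH_FIELDS else r"[\s,;:()]+"
    return [w for w in re.split(seps, text.lower()) if w]

def field_matches(field, value, term):
    term = term.strip().strip('"')  # double quotes mark a multi-word value
    modes = FIELD_MODES[field]
    if "exact" in modes and value.lower() == term.lower():
        return True
    if "partial" not in modes:
        return False
    have, want = words(value, field), words(term, field)
    n = len(want)
    # Partial match: the term's words appear as contiguous whole words.
    return n > 0 and any(have[i:i + n] == want
                         for i in range(len(have) - n + 1))

def search_any(filters, term):
    """Return the numbers of filters where any searchable field matches."""
    return [f["number"] for f in filters
            if any(field_matches(k, f[k], term) for k in FIELD_MODES if k in f)]

if __name__ == "__main__":
    for q in ("googledrive", "Buffer", "Buf", "Sunburst", '"Red Hat Enterprise Linux"'):
        print(q, "->", search_any(FILTERS, q))
```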