This section provides links to product documentation, lists
policy parameters, gives examples of rules, describes syntax, and
offers other facts to help you manage the appliance.
Network IPS appliance FRU/CRU documentation in PDF format
Documentation in PDF format for IBM Security Network Intrusion Prevention System
Field Replacement Unit (FRU) parts and Customer Replacement Unit (CRU)
parts is available for download at the following location.
Web application protection categories
View information about the protection categories
for the Web
Application Protection feature for the Network IPS appliance.
Security event filters and regular expressions
Security event filters use
regular expressions to limit
the number of events that are returned and displayed on the Network
IPS appliance.
User-defined event contexts
User-defined event
contexts indicate to the Network IPS
appliance the type and the particular part of a network packet to
monitor for user-defined events.
User-defined events and regular expressions
For Network IPS appliances,
use regular expression syntax
in a user-defined event to detect more than a single static text string.
OpenSignatures syntax
The Network IPS appliance supports these syntax
options
for custom OpenSignatures rules.
PCRE keyword modifiers
For Network IPS appliances, use Perl compatible regular
expressions (PCRE) keywords to write rules for OpenSignatures.
Post-PCRE modifiers for OpenSignatures
For
Network IPS appliances, use these rules for post-PCRE
modifiers to set compile-time-flags for regular expressions for OpenSignatures.
Default tuning parameters
Use the Tuning Parameters page for
the Network IPS appliance to view the default parameters for the appliance.
More tuning parameters
For Network IPS appliances, use these tuning
parameters
to tune logging, dropped packets, statistics, the WAP policy, and
other administrative features.
Update tuning parameters
Use these common advanced parameters to manage
updates
for the Network IPS appliance.
OpenSignature tuning parameters
For Network IPS
appliances, use these tuning parameters
to enable the OpenSignature parser, to configure OpenSignature responses,
and to enable and configure OpenSignature throttling.
Predefined quarantine responses
For Network IPS appliances,
use predefined quarantine responses
to manage intruders, Trojans, Worms, and DDOS attacks.
Supported agent parameters
The Network IPS appliance supports the following SiteProtector™ system agent
parameters.
Firewall rule syntax
Use this syntax when you create firewall rules
for the
Network IPS appliance.
Firewall rule language
A firewall rule consists of several statements
(or clauses)
that define the traffic for which the rule applies. When you manually
create firewall rules for the Network IPS appliance, use clauses,
conditions, and expressions.
Firewall rule examples
For Network IPS appliances, use the following
list of firewall
rule examples for IPv4 and IPv6 addresses.