Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual page 155

Chapter 7 Defining Signatures
–
–
–
–
To define a MIME-type policy signature, follow these steps:
Log in to the CLI using an account with administrator or operator privileges.
Step 1
Step 2 Enter application policy enforcement submode:
sensor# configure terminal
sensor(config)# service signature-definition sig0
sensor(config-sig)# signatures 60001 0
sensor(config-sig-sig)# engine application-policy-enforcement-http
Specify the event action:
Step 3
sensor(config-sig-sig-app)# event-action produce-alert|log-pair-packets
Define the signature type:
Step 4
sensor(config-sig-sig-app)# signature-type content-type define-content-type
Define the content type:
Step 5
sensor(config-sig-sig-app-def)# name MyContent
Verify your settings:
Step 6
sensor(config-sig-sig-app-def)# show settings
-> define-content-type
-----------------------------------------------
*---> content-type-details
-----------------------------------------------
sensor(config-sig-sig-app-def)#
Step 7 Exit signatures submode:
sensor(config-sig-sig-app-def)# exit
sensor(config-sig-sig-app)# exit
sensor(config-sig-sig)# exit
sensor(config-sig)# exit
Apply Changes:?[yes]:
Press Enter to apply the changes or type
Step 8
78-16527-01
max-outstanding-requests-overrun—Inspects for large number of outstanding HTTP
requests
msg-body-pattern—Message body pattern
request-methods—Signature types that deal with request methods
transfer-encodings—Signature types that deal with transfer encodings
name: MyContent
-----------------------------------------------
-----------------------------------------------
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
to discard them.
no
Creating Custom Signatures
7-37