< Home

assoc-check enable

Function

The assoc-check enable command enables the correlation detection function.

The undo assoc-check enable command disables the correlation detection function.

Format

assoc-check enable

undo assoc-check enable

Parameters

None

Views

Intrusion prevention profile view

Default Level

2: Configuration level

Usage Guidelines

By default, the function is enabled.

Intrusion prevention detects traffic by signatures that can be either basic signatures or correlation signatures. A basic signature describes a simple network attack. A correlation signature is composed of one or more basic signatures and describes a complex network attack. Correlation detection is implemented on the basis of correlation signatures.

If traffic matches a correlation signature, the system displays only the matched correlation signature, but not the matched basic signature of the correlation signature. After the correlation detection function is disabled, when traffic matches a basic signature included in a correlation signature, the system displays the basic signature.

Disabling correlation detection decreases the security detection capability of the system and therefore is not recommended. In addition, it is easy for traffic to match a basic signature included in a correlation signature. Therefore, correlation detection deteriorates the device performance.

Example

# Enable correlation detection in intrusion prevention profile profile1.

<sysname> system-view
[sysname] profile type ips name profile1
[sysname-profile-ips-profile1] assoc-check enable
Parent Topic: Intrusion Prevention Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >