The ips associated pre-defined command sets a check item for a predefined associated signature.
The undo ips associated pre-defined command cancels the settings of the check item for a predefined associated signature.
ips associated pre-defined signature-id signature-id { threshold threshold-value | interval interval-value | block-time block-time | correlateby { source | destination | source-destination } } *
undo ips associated pre-defined { signature-id signature-id | all }
| Parameter | Description | Value |
|---|---|---|
signature-id signature-id |
Specifies the ID of a predefined associated signature. |
The value is an integer ranging from 1025 to 16777215. |
threshold threshold-value |
Specifies the threshold for signature association times. |
The value is an integer ranging from 1 to 2000. The default value is 30. |
interval interval-value |
Specifies the measurement period. If the number of times the associated signature is detected exceeds threshold-value within this period, the predefined associated signature is matched. |
The value is an integer ranging from 1 to 7200. The default value is 60. |
block-time block-time |
Specifies the time when the IP address is blacklisted if the action is block for the signature. |
The value is an integer ranging from 1 to 1000, in minutes. The default value is 5. |
correlateby |
Indicates the association mode. |
The default mode is source-destination. |
source |
Collects statistics on the number of times that the associated signature is matched for the same source IP address. |
- |
destination |
Collects statistics on the number of times that the associated signature is matched for the same destination IP address. |
- |
source-destination |
Collects statistics on the number of times that the associated signature is matched for the same source and destination IP addresses. |
- |
all |
Restores the check items of all predefined associated signatures to the default values. |
- |
If the check items of a predefined associated signature cannot meet requirements, you can run the ips associated pre-defined command to modify the check items.
During the IPS signature database update, if the configured predefined associated signature does not exist in the IPS signature database, the corresponding configurations are reserved but do not take effect. When the current configurations are queried, the following message is displayed: Invalid configuration. The specified signature (signature-id) does not exist in the current library. Please check and delete it.