Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Javier002
Participant
Jump to solution

How to assign a group of filtered signatures to Profile IPS /TP?

Hello,

I´m trying to create a Threat profile that only contains a group of selected signatures with: Threat Year > 2015 AND Confidence Level = Hight AND Severity = Critical, High. Is this possible? Because you can filter with those parameters but I can´t find how to create a profile filtering with them.

Thanks in advance.

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend
Legend

First, set the General Policy as wanted. I suggest not to use Detect in Activation Mode:

policy.PNG

Then, instead of activating selected signatures with: Threat Year > 2015 only, just deactivate all signatures with: Threat Year < 2016:

additional.PNG

With Protections to Activate Any you can be sure to get all the newest protections activated (if they fall into your General Profile). As there is no Year: 2021 you would not get newer protections than 2020 activated if you use a Threat Year list here...

CCSE CCTE CCSM SMB Specialist

View solution in original post

0 Kudos
1 Reply
G_W_Albrecht
Legend
Legend

First, set the General Policy as wanted. I suggest not to use Detect in Activation Mode:

policy.PNG

Then, instead of activating selected signatures with: Threat Year > 2015 only, just deactivate all signatures with: Threat Year < 2016:

additional.PNG

With Protections to Activate Any you can be sure to get all the newest protections activated (if they fall into your General Profile). As there is no Year: 2021 you would not get newer protections than 2020 activated if you use a Threat Year list here...

CCSE CCTE CCSM SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events