Skip to main content
mmorcali
mmorcali
New Member
April 3, 2024
Question

How to create custom ips signature using dynamic pattern?

  • April 3, 2024
  • 2 replies
  • 2156 views

Hi,

 

I want to create custom ips signature. I can create signature using static pattern but I don't know how I can create using dynamic pattern. Pattern can be change but I want to block if I catch same pattern in time. Aynbody know how I can create custom ips signature using dymanic pattern?

 

Thank you 

2 replies

AEK
SuperUser
AEK
SuperUser
April 3, 2024

Hi @mmorcali 

What do you mean exactly by dynamic pattern? Can you illustrate by an example?

AEK
    mmorcali
    mmorcaliAuthor
    New Member
    April 3, 2024

    Hi @AEK 

     

    F-SBID( --attack_id 9236; --name "S1-AP.signature";  --severity high; --protocol 132;  --pattern "|00 00 00 12|";  --pattern "|09 99|"; --rate 15,60;)

     

    In this example I can catch staticly. But --pattern "|09 99|" can be change and I don't know all the patterns. I want to block when I catch same pattern in time.

    AEK
    SuperUser
    AEK
    SuperUser
    April 3, 2024

    Hope this helps:

    https://docs.fortinet.com/document/ipsengine/7.4.0/custom-ips-and-application-control-signature-syntax-guide/256197/signature-definition-notes

    Regular expressions should conform to the Perl Compatible Regular Expression (PCRE) standard. See pcre for syntax details.

    AEK
      spoojary
      Staff
      spoojary
      Staff
      April 3, 2024

      chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/f21167b4-200c-11e9-b6f6-f8bc1258b856/Custom_IPS_and_Application_Control_Signature-3.6-Syntax_Guide.pdf

        Terms & ConditionsAccessibility statement