mmorcali
New Contributor

How to create custom ips signature using dynamic pattern?

Hi,

 

I want to create a custom IPS signature. I can create a signature using a static pattern, but I don't know how to create one using a dynamic pattern. The pattern can change, but I want to block if I catch the same pattern in time. Does anybody know how I can create a custom IPS signature using a dynamic pattern?

 

Thank you 

5 REPLIES
AEK
SuperUser

Hi @mmorcali 

What do you mean exactly by dynamic pattern? Can you illustrate by an example?

AEK
mmorcali
New Contributor

Hi @AEK 

 

F-SBID( --attack_id 9236; --name "S1-AP.signature";  --severity high; --protocol 132;  --pattern "|00 00 00 12|";  --pattern "|09 99|"; --rate 15,60;)

 

In this example I can catch statically. But --pattern "|09 99|" can change and I don't know all the patterns. I want to block when I catch the same pattern in time.
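
The behaviour asked for above (flag a value only once the same bytes recur often enough within a time window), as an added example that is not part of the original post and is not FortiGate signature syntax: Python run off-box over captured payloads. It assumes the changing field is the two bytes immediately after the static |00 00 00 12| marker and reuses the 15-in-60-seconds threshold from --rate 15,60; all function and class names are hypothetical.

```python
from collections import defaultdict, deque

MARKER = bytes.fromhex("00000012")   # static pattern from the posted signature
VAR_LEN = 2                          # assumed length of the changing field
THRESHOLD, WINDOW = 15, 60           # mirrors --rate 15,60

def variable_field(payload):
    """Return the bytes right after MARKER, or None if absent or truncated."""
    i = payload.find(MARKER)
    if i < 0:
        return None
    field = payload[i + len(MARKER): i + len(MARKER) + VAR_LEN]
    return field if len(field) == VAR_LEN else None

class RepeatTracker:
    """Flags a value once it is seen `threshold` times within `window` seconds."""
    def __init__(self, threshold=THRESHOLD, window=WINDOW):
        self.threshold, self.window = threshold, window
        self.seen = defaultdict(deque)   # value -> timestamps still in the window

    def observe(self, ts, payload):
        value = variable_field(payload)
        if value is None:
            return None
        times = self.seen[value]
        times.append(ts)
        while times and ts - times[0] >= self.window:
            times.popleft()              # drop hits older than the window
        return value if len(times) >= self.threshold else None

def flagged_values(events):
    """events: iterable of (timestamp_seconds, payload_bytes) in time order."""
    tracker, hits = RepeatTracker(), []
    for ts, payload in events:
        value = tracker.observe(ts, payload)
        if value is not None and value not in hits:
            hits.append(value)
    return hits

def sample_events():
    """Constructed traffic: 0x0999 repeats every 2 s, 0x0a01 every 10 s."""
    fast = [(t * 2, b"\x01" + MARKER + b"\x09\x99tail") for t in range(20)]
    slow = [(t * 10, MARKER + b"\x0a\x01") for t in range(20)]
    noise = [(5, b"\x00\x00\x00\x11\x09\x99"), (6, MARKER + b"\x09")]
    return sorted(fast + slow + noise, key=lambda e: e[0])

if __name__ == "__main__":
    print([v.hex() for v in flagged_values(sample_events())])
```

The per-value table grows with every distinct value seen, so a long-running version needs an eviction policy for values that stop recurring.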

AEK

Hope this helps:

https://docs.fortinet.com/document/ipsengine/7.4.0/custom-ips-and-application-control-signature-synt...

Regular expressions should conform to the Perl Compatible Regular Expression (PCRE) standard. See pcre for syntax details.

AEK
mmorcali
New Contributor

Thank you

I know that document but it does not have the answer to my question.

spoojary
Staff

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/f21167b4-200c-11e9-b6f6-f8bc12...

Siddhanth Poojary