IPS Settings

Navigate to Threats > Intelligence Database > IPS Settings to upload and manage IPS rule sets.

All rules from all enabled IPS rule sets are loaded and evaluated. If two rule sets contain rules with an identical ID (sid keyword), the rule with the higher revision number (rev keyword) takes precedence.

The table displays the default rule set and the custom rule sets with their names, optional notes, and statistics. With the toggle in the first column you can enable (on) or disable (off) an IPS rule set. All rules in all enabled rule sets are loaded consecutively in the order displayed in the unsorted table.

Note: If you want to turn the IPS off, disable all IPS rule sets in this table.

The table shows the following details. Statistical information is only available for activated rule files.

| Field | Description |
|---|---|
| on/off | The toggle indicates whether the IPS rule set is enabled or not. |
| Name | The name of the IPS rule set. |
| Note | Optional: A short description of the IPS rule set. |
| Number of Rules | The number of rules that were identified in the file and that the system attempted to parse. |
| Usable Rules | The number of rules that were successfully parsed. |
| Newer Rules | The number of rules from older rule files that were overwritten by this rule file. |
| Outdated Rules | The number of rules in this rule file that were not loaded because previously loaded rules took precedence. |

The total number of active IPS rules amounts to the number of Usable Rules minus the sum of Newer Rules and Outdated Rules.
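The sid/rev precedence and the table statistics described above, as an added example (not genua's code): a Python sketch that simulates loading two constructed rule sets in table order and checks the active-rule formula. It assumes one rule per line with Suricata-style sid:N; and rev:N; options, treats a missing rev as 0, and keeps the earlier rule when the rev values are equal; this page does not specify those details.

```python
import re
SID = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
REV = re.compile(r"\brev\s*:\s*(\d+)\s*;")

def load_rule_sets(rule_sets):
    """Simulate loading (name, text) pairs in table order; return (stats, active)."""
    active = {}  # sid -> (rev, name of the rule set that supplied the rule)
    stats = []
    for name, text in rule_sets:
        s = {"name": name, "rules": 0, "usable": 0, "newer": 0, "outdated": 0}
        for line in text.splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            s["rules"] += 1
            sid_m = SID.search(line)
            if sid_m is None:
                continue  # assumption: a rule without a sid does not parse
            s["usable"] += 1
            sid = int(sid_m.group(1))
            rev_m = REV.search(line)
            rev = int(rev_m.group(1)) if rev_m else 0  # assumption: missing rev = 0
            if sid not in active:
                active[sid] = (rev, name)
            elif rev > active[sid][0]:
                s["newer"] += 1  # overwrites a rule from an earlier rule set
                active[sid] = (rev, name)
            else:
                s["outdated"] += 1  # assumption: on equal rev the earlier rule stays
        stats.append(s)
    return stats, active

def total_active(stats):  # Usable - (Newer + Outdated), summed over rule sets
    return sum(s["usable"] - s["newer"] - s["outdated"] for s in stats)

# Constructed sample rule sets (not real signatures).
DEFAULT = '''
alert tcp any any -> any 80 (msg:"constructed A"; sid:1000001; rev:3;)
alert tcp any any -> any 443 (msg:"constructed B"; sid:1000002; rev:1;)
'''
CUSTOM = '''
# constructed custom rule set
alert tcp any any -> any 80 (msg:"constructed A, stale copy"; sid:1000001; rev:2;)
alert tcp any any -> any 443 (msg:"constructed B, updated"; sid:1000002; rev:4;)
alert udp any any -> any 53 (msg:"constructed C"; sid:1000003; rev:1;)
alert tcp any any -> any 22 (msg:"constructed D, sid keyword missing";)
'''
STATS, ACTIVE = load_rule_sets([("System IPS Rules.csv", DEFAULT), ("custom.rules", CUSTOM)])
print(STATS, "active:", total_active(STATS))
```

Running such a check before an upload shows which custom rules would be shadowed by an already loaded rule with the same sid, and which would replace one.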

The icons in the last table column allow you to download or delete an IPS rule set.

Note: The default rule set System IPS Rules.csv cannot be deleted.

IPS Rule Set Upload

genua regularly provides updated IDS rule sets that you can download at https://files.cognitix.de/pattern/ids-rules.pfw.

You can also write custom IPS rule set files. IPS rule set files can be .rules, .csv or .txt files.

To upload a new IPS/IDS rule set, click Upload above the overview table.

When you upload an IPS rule set file, the upload screen is displayed with the following elements:

| Field | Description |
|---|---|
| on/off | The toggle indicates whether the IPS rule set is enabled or not. |
| SELECT | Access the file system where you can select the IPS rule set file (.rules, .csv or .txt format). |
| Note | Optional: Add a short description of the IPS rule set. |

To use the IPS rule set file, click the UPLOAD button at the bottom of the screen. If you do not want to upload the file, click CANCEL.


Additional References:

For information on the keywords used in IPS signatures, refer to IPS Rule Definitions.