KFSensor

Configure Signatures

Use the Configure Signatures dialog box to change the location of the signature rule base.

Options

• Signature File
  The path of the XML file that contains the signatures used by KFSensor.
  If only the file name is specified then it is assumed to reside in the KFSensor conf sub-directory
• Enable Signature Engine
  This field enables or disables the checking of signatures

Signature Rule Event Severity Options

This functionality is new in version 4.2
A signature rule contains the option to change the severity of an event. This may have the effect reducing the severity set by listen definition. In order to control this behavior there are three different options:

• Disable signature rule severity
  Signature rules do not set severity.
• Signature rule severity always applied
  Signature rule severity always over-rides listen severity
• Signature rule severity only when higher than port severity
  This is the default option and allows a signature rule to increase the severity of an event, but not reduce it.

Related Topics

• Signature concepts
• Signature Maintenance

KFSensor On-Line Manual Contents