Import Signatures
The purpose of the Import Signatures dialog box is to keep KFSensor's rule base updated by loading in
new and updated signatures from a file, or set of files.
This dialog allows you to examine the rules before they are added to the rule base and allow you to
select or de-select the rules to be imported.
The rules loaded from file are placed in three categories, each resulting in a different import operation.
| Import Status |
Import Operation |
Notes |
| New |
Add |
New rules do not match any existing rules and are simply added to the rule base on import |
| Revision |
Revise |
A revision is a new rule that replaces an existing rule.
On import the old rule is set to be archived and inactive |
| Existing |
Over-write |
Existing rules are those that match those already in the rule base. These are excluded by default.
If imported they will over-write the matching rules. |
Signature Rule List
The signature list displays the signature rules loaded from the imported file.
- Import Operation
If blank the rule will be ignored else the specified operation will be performed.
- Import Status
See above.
- ID
The rule's unique id.
- Message
The user text.
- From Filter
The visitor port filter
- To Filter
The sensor port filter
- Signature
The content of the signatures
Buttons
- Import
Imports all the signatures with a selected import operation
- Select All
Defines an import operation for all the visible signatures.
- De-select All
Removes import operation for all the visible signatures.
Selection
- New
If checked then any new signatures in the file are displayed.
- Revisions
If checked then any signature revisions in the file are displayed.
- Existing
If checked then any existing signatures in the file are displayed.
Related Topics
KFSensor On-Line Manual Contents