 |
Note: Pattern negation is supported for packet, line, and application based contexts only and not for stream and normalized stream contexts. |
Attack patterns are signatures of the attacks you want to detect. A signature is a pattern that always exists within an attack; if the attack is present, so is the signature. To create the attack pattern, you must first analyze the attack to detect a pattern (such as a segment of code, a URL, or a value in a packet header), then create a syntactical expression that represents that pattern. You can also negate a pattern. Negating a pattern means that the attack is considered matched if the pattern defined in the attack does not match the specified pattern.
|
Note: Pattern negation is supported for packet, line, and application based contexts only and not for stream and normalized stream contexts. |