Table of contents
Topics on this page

Filters

From the Network Security home page click the Policy icon policies icon in the navigation panel and select Intrusion Prevention Filtering.

The IPS Filters page lists 100 filters at a time from the threat intelligence packages that you have loaded. Filters are listed by the month and year of their release, with the most current filters listed first. Learn more about refining your searches.

Click a filter to see an overview of it, including:

  • Information about the filter's function
  • Release/modification dates
  • Severity
  • Source
  • Category
  • CVE identifications

Each filter comes configured with default recommended settings that determine how the filter manages traffic. Some filters are disabled while others are enabled; some might have permit actions assigned while others are set to block. To adjust the settings to better suit your environment, you can customize the default settings.

Search filters

From the Intrusion Prevention Filtering page, enter text in the Search field to refine the filters list according to criteria that is relevant to your environment.

When you click the Search field, a search bar is displayed to help you refine your search. You can use any combination of the following properties to build a compound query that narrows your search:

  • Customized - Specifies whether the filter you are seeking has been customized (true) or not (false).
  • Date Released - Narrows your filter search according to whether it was released in the last 24 hours, 7 days, 30 days, 90 days, 180 days, 365 days, or within the date range that you specify.
  • Date Modified - Narrows your filter search according to whether it was modified in the last 24 hours, 7 days, 30 days, 90 days, 180 days, 365 days, or within the date range that you specify.
  • Description - Specifies keywords in the description of the filter you are seeking.
  • Filter Name - Specifies keywords in the name of the filter you are seeking.
  • Filter State - Specifies whether the filter you are seeking is enabled or disabled.
  • Flow Control - Specifies whether the action set assigned to the filter you are seeking is block, permit, or trust.
  • Latest Threat - Specifies whether the filter you are seeking is associated (true) or not (false) with malware that threat intelligence has deemed to be among the latest active threats.
  • Log Event - Specifies whether the filter you are seeking generates a log event when triggered (enabled) or not (disabled).
  • Protocol - Specifies the protocol of the filter you are seeking.
  • Severity - Specifies whether the severity of the filter you are seeking is Critical, Major, Minor, or Low.
  • Any - Narrows the search by keywords. Randomly typing text in the Search field is the same as selecting the Any property. All of the following fields get searched:
Searchable Fields Returned matches Example
Category Exact and Partial "Cross-Site Scripting"
CVE Exact and Partial CVE-2015-0090
Description Partial requests to Apache server
Filter Name Partial Synergy
Filter Number Partial 3103
Platform Exact and Partial "Microsoft Windows 7"
Protocol Exact ms-sql
Severity Partial Critical

None of the searchable fields are case-sensitive. For example, searching for googledrive returns filters that include GoogleDrive RAT.

Partial-match searches must include whole words. For example, a search on the word Buffer will return filter results that have the word "Buffer," but searching on Buf will not. For the Category, CVE, and Platform fields, partial-match searches also return values with periods (.) or slashes (/) in them. For example, searching on Sunburst returns results such as Trojan.MSIL.Sunburst.A.

If you are searching for a value that contains multiple words, enclose the words in double-quotes (""). For example, entering "Microsoft Windows 7" returns filters that include specifically Microsoft Windows 7; entering "Red Hat Enterprise Linux" returns filters with any versions of Red Hat Enterprise Linux.

You can also use the GET /api/policies API for exact-match searches and partial-match searches. Learn more about refining your searches using the API.

Clicking the Reset Search button to the right of the field clears the search text without refreshing the page.