From the Network Security home page, click the Policy icon in the navigation panel and select Intrusion Prevention Filtering.
The IPS Filters page lists 100 filters at a time from the threat intelligence packages that you have loaded. Filters are listed by the month and year of their release, with the most current filters listed first. Learn more about refining your searches.
Click a filter to see an overview of it, including:
- Information about the filter's function
- Release/modification dates
- CVE identifications
Each filter comes configured with default recommended settings that determine how the filter manages traffic. Some filters are disabled while others are enabled; some might have permit actions assigned while others are set to block. To adjust the settings to better suit your environment, you can customize the default settings.
From the Intrusion Prevention Filtering page, enter text in the Search field to refine the filters list according to criteria that are relevant to your environment.
When you click the Search field, a search bar is displayed to help you refine your search. You can use any combination of the following properties to build a compound query that narrows your search:
- Customized - Specifies whether the filter you are seeking has been customized (true) or not (
- Date Released - Narrows your filter search according to whether it was released in the last 24 hours, 7 days, 30 days, 90 days, 180 days, 365 days, or within the date range that you specify.
- Date Modified - Narrows your filter search according to whether it was modified in the last 24 hours, 7 days, 30 days, 90 days, 180 days, 365 days, or within the date range that you specify.
- Description - Specifies keywords in the description of the filter you are seeking.
- Filter Name - Specifies keywords in the name of the filter you are seeking.
- Filter State - Specifies whether the filter you are seeking is
- Flow Control - Specifies whether the action set assigned to the filter you are seeking is
- Latest Threat - Specifies whether the filter you are seeking is associated (true) or not (false) with malware that threat intelligence has deemed to be among the latest active threats.
- Log Event - Specifies whether the filter you are seeking generates a log event when triggered (enabled) or not (
- Protocol - Specifies the protocol of the filter you are seeking.
- Severity - Specifies whether the severity of the filter you are seeking is
- Any - Narrows the search by keywords. Typing text in the Search field without choosing a property is the same as selecting the Any property. All of the following fields get searched:
| Searchable Fields | Returned matches | Example |
|---|---|---|
| Category | Exact and Partial | |
| CVE | Exact and Partial | |
| Platform | Exact and Partial | |
None of the searchable fields are case-sensitive. For example, searching for googledrive returns filters that include
Partial-match searches must include whole words. For example, a search on the word Buffer will return filter results that have the word "Buffer," but searching on Buf will not. For the Category, CVE, and Platform fields, partial-match searches also return values with periods (.) or slashes (/) in them. For example, searching on Sunburst returns results such as
If you are searching for a value that contains multiple words, enclose the words in double-quotes (""). For example, entering "Microsoft Windows 7" returns filters that include specifically Microsoft Windows 7; entering "Red Hat Enterprise Linux" returns filters with any version of Red Hat Enterprise Linux.
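The matching rules described above can be modeled locally to check why a search term does or does not return a filter. This is an added example, not the product's implementation or part of the original page; it assumes a word is any run of characters between whitespace, periods, or slashes, and the function names and sample values are constructed for illustration.

```python
import re

# Separators per the page: whitespace always; periods and slashes for the
# Category, CVE and Platform fields (this model applies them to every value).
_SPLIT = re.compile(r"[\s./]+")

def tokens(text):
    """Lower-cased whole words of text (searches are not case-sensitive)."""
    return [t for t in _SPLIT.split(text.lower()) if t]

def matches(query, value):
    """True if value would be returned for query under the documented rules."""
    query = query.strip()
    quoted = len(query) >= 2 and query[0] == query[-1] == '"'
    words = tokens(query[1:-1] if quoted else query)
    if not words:
        return False
    if len(words) > 1 and not quoted:
        # The page only defines multi-word searches in double quotes.
        raise ValueError("enclose multi-word values in double quotes")
    n = len(words)
    hay = tokens(value)
    # A phrase matches when its words appear consecutively as whole words.
    return any(hay[i:i + n] == words for i in range(len(hay) - n + 1))

# Constructed sample values, not taken from the product's filter list.
SAMPLES = [
    "HTTP: Buffer Overflow in Example Server",
    "Malware/Sunburst.Backdoor",
    "Red Hat Enterprise Linux 8",
    "GoogleDrive",
]

def search(query, values=SAMPLES):
    """Return the sample values that the query matches."""
    return [v for v in values if matches(query, v)]

if __name__ == "__main__":
    for q in ["Buffer", "Buf", "sunburst", "googledrive",
              '"Red Hat Enterprise Linux"']:
        print(q, "->", search(q))
```

A term that returns nothing here, such as Buf, is a fragment of a word rather than a whole word, which is the most common reason a filter search unexpectedly comes back empty.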
You can also use the GET /api/policies API for exact-match searches and partial-match searches. Learn more about refining your searches using the API.
Clicking the Reset Search button to the right of the field clears the search text without refreshing the page.