Custom Attack Object Configuration

You can create your own stateful signature attack objects to suit your specific Deep Inspection (DI) needs. After defining one or more attack objects, you add them to a custom attack object group (which you can configure on the Custom Attack Object Group Configuration page). You can then reference the custom attack object group in policies that govern the traffic to which you want to apply Deep Inspection.

To Create a Custom Attack Object

Configure the following, and then click OK:

Attack Name: Beginning with CS:, type the name of the custom attack object. For example, CS:login_attack, CS:sig1, or CS:AO1.

Attack Context: From the drop-down list, select the context in which you want the security device to look for the attack pattern.

Attack Severity: From the drop-down list, select the severity level for this attack object. (You can determine your own criteria for setting severity levels.)

Attack Pattern: Type the attack pattern that you want the security device to detect.

Note: You can use a set of regular expressions in your attack pattern definition. For information about which regular expressions you can use, see Concepts & Examples ScreenOS Reference Guide, Volume 4, "Attack Detection and Defense Mechanisms".

Pattern Negation: Selecting this check box defines the attack object as anything but the pattern you enter in the Attack Pattern field.