To Edit a
Custom Attack ObjectYou can define custom attack objects for use with Deep Inspection (DI). To do so, click New and configure the object on the Custom Attack Object Configuration page. After defining an attack object, the security device can use it when performing Deep Inspection. For each attack object, you can view the following information:
Name: Displays the name of a custom attack object. Each custom attack object name begins with "CS:" to indicate that it is a custom attack object.
Type: Identifies the type of attack object: either signature or anomaly.
Context: Defines the location in the packet where the DI module searches for a signature matching the attack object pattern.
Severity: Specifies the severity level for the attack object.
Note: The attack object severity level is useful for NetScreen-Security Manager (NSM).
Pattern: Displays the text string for which the security device searches.
Note: Because the DI module supports regular expressions, it can use wildcards when searching for patterns. Thus, a single signature definition can apply to multiple attack pattern variations.
Configure: You can edit or remove an existing attack object. Before attempting to remove an attack object, make sure that it is not in use in any policies.
To Edit a
Custom Attack ObjectIn the Configure column, click Edit for the custom attack object that you want to modify.
The Custom Attack Object Configuration page appears.
Edit the configuration, and then click OK to save your changes.
To Remove
a Custom Attack ObjectIn the Configure column, click Remove for the custom attack object that you want to remove.
A system message prompts you to confirm the removal.
Click OK to confirm the removal, or Cancel to cancel it.