I have created several custom vulnerability signatures so I am familiar with the general process. I want to create a custom vuln signature based on a string but I also want to add a time signature to time attribute to that signature since it will triggering rather frequently.
Unfortunately, it appears that I can only add a time attribute combination signatures but within the combination signatures, I cannot select any of my own previously created signatures. If I use Standard signature, I can easily create a pattern match signature but I don't see the functionality to add a time attribute. Am I missing something or is what I am trying to do just not supported.
Solved! Go to Solution.
I've done this previously with 4.1 and it worked great. I haven't done it recently in 6.0.1, but I went through the motions and it seemed to work fine. You have to make 2 different signatures. The first one is your initial "standard", single signature. Then, once you've created that, you can create a completely new "combination" signature that references your first signature - and then add the time component:
Thanks. I was trying that at the Panorama level and getting this warning:
After seeing your success, I tried it at the PA device level and it worked fine. Curious. I will open a ticket with tech support on the issue. Thanks for the help.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!