In this chapter, you will learn how to:
Understand the CIDS signature series
Recognize signature structure and implementation
Make use of signature types
Know about signature classes
Understand signature series
Use signature categories
Learn about signature severities
View and manage alarms
Use Event Viewer customization
Configure preference settings
Understand the Network Security database
Sensors constantly monitor the network, looking for traffic that matches predefined signatures. Once a signature is matched, an alarm is generated, indicating the severity and signature that was matched. Signatures, which allow your sensors to detect intrusive activity, are a vital component of your IDS system. This chapter describes and details the CIDS signatures.
When the sensor matches a signature, an alarm is sent to the director platform. The director platform is then responsible for notifying security personnel. Each alarm carries the severity associated with the matched signature. To ensure the security of the network, you must be able to view these alarms using Event Viewer. During an actual attack on your network, sensors can generate a large number of alarms in a short period of time. If you’re unaware of the functionality of the Event Viewer, you can easily become overwhelmed by the number of alarms generated by your network sensors. To help with the understanding of the Event Viewer and the management of alarms, you should first understand the signatures that generate those alarm events.
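The sensor-to-director flow described above, as an added example that is not part of the chapter and not Cisco's CIDS code: a toy signature engine matches constructed traffic summaries against a handful of signatures, emits one alarm per match with the signature's severity, and then aggregates the alarms per signature and per severity the way an event viewer would. The signature IDs, names, severities and sample events are all constructed for illustration and do not correspond to real CIDS signature numbers.

```python
"""Toy sensor/director alarm pipeline (constructed example, not CIDS code)."""
from collections import Counter
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Signature:
    sig_id: int          # constructed id, not a real CIDS signature number
    name: str
    severity: str        # one of "low", "medium", "high"
    pattern: re.Pattern  # applied to a one-line traffic summary


# Constructed signature set; patterns are deliberately simple.
SIGNATURES = [
    Signature(1001, "ICMP echo request sweep", "low",
              re.compile(r"^ICMP type=8")),
    Signature(3002, "TCP SYN port sweep", "medium",
              re.compile(r"^TCP flags=S .*sweep")),
    Signature(5001, "WWW cmd.exe request", "high",
              re.compile(r"cmd\.exe", re.IGNORECASE)),
]

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class Alarm:
    sig_id: int
    name: str
    severity: str
    src: str
    dst: str


def match_event(summary, signatures=SIGNATURES):
    """Return every signature whose pattern matches one traffic summary."""
    return [s for s in signatures if s.pattern.search(summary)]


def sensor(events, signatures=SIGNATURES):
    """Sensor side: one alarm per (event, matched signature) pair."""
    alarms = []
    for src, dst, summary in events:
        for sig in match_event(summary, signatures):
            alarms.append(Alarm(sig.sig_id, sig.name, sig.severity, src, dst))
    return alarms


def summarize(alarms):
    """Director side: collapse a flood of alarms into per-signature and
    per-severity counts so an operator is not overwhelmed."""
    by_sig = Counter((a.sig_id, a.name, a.severity) for a in alarms)
    by_sev = Counter(a.severity for a in alarms)
    return by_sig, by_sev


def ranked(alarms):
    """Aggregated rows ordered by severity (high first), then by count."""
    by_sig, _ = summarize(alarms)
    return sorted(by_sig.items(),
                  key=lambda kv: (SEVERITY_RANK[kv[0][2]], -kv[1]))


# Constructed sample traffic: (src, dst, summary). 20 pings to one
# subnet, 4 SYNs to different ports, one suspicious URI, one normal GET.
SAMPLE_EVENTS = (
    [("10.0.0.5", "192.0.2.%d" % i, "ICMP type=8 code=0") for i in range(1, 21)]
    + [("10.0.0.5", "192.0.2.7", "TCP flags=S dport=%d sweep" % p)
       for p in (21, 22, 23, 80)]
    + [("10.0.0.9", "192.0.2.7", "HTTP GET uri=/cmd.exe")]
    + [("192.0.2.3", "192.0.2.7", "HTTP GET uri=/index.html")]
)

if __name__ == "__main__":
    alarms = sensor(SAMPLE_EVENTS)
    print("raw alarms:", len(alarms))
    for (sig_id, name, sev), count in ranked(alarms):
        print("%-6s sig %d %-26s x%d" % (sev, sig_id, name, count))
```

Twenty-six events produce twenty-five raw alarms, but the director view is three rows; that collapse, plus the severity ordering, is what lets an operator pick out the single high-severity alarm hidden among the low-severity ping sweep.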