FortiManager now supports CVE ID filtering. You can also set the hold-time for an IPS signature activation.
- Log into FortiManager as a System Admin or Restricted Admin.
If you are logged in as System Admin, go to Policy & Objects > Object Configurations > Security Profiles > Intrusion Prevention.
If you are logged in as a Restricted Admin, go to Intrusion Prevention > Profiles.
- In the IPS Signatures and Filters section, create a new filter or select a filter to update. The Create New IPS Signatures and Filters dialog box is displayed.
- Click the Filter icon.
- Click Add Filter > CVE ID. Enter the CVE ID, then click Use Filters, and click OK.
- Go to Device Manager > Device & Groups.
- Select a managed device.
- In the toolbar, click CLI Configuration.
- In the configurations menu, go to System > IPS. The system ips dialog box is displayed.
- Ensure override-signature-hold-by-id is enabled.
- In the signature-hold-time field, enter the number of days or hours hold and monitor the IPS signatures.