Fortinet Document Library

Version:

Version:

Version:


Table of Contents

New Features

Download PDF
Copy Link

IPS signature activation filter: hold-time and CVE pattern 6.4.2

FortiManager now supports CVE ID filtering. You can also set the hold-time for an IPS signature activation.

To add a CVE filter in the GUI:
  1. Log into FortiManager as a System Admin or Restricted Admin.

    If you are logged in as System Admin, go to Policy & Objects > Object Configurations > Security Profiles > Intrusion Prevention.

    If you are logged in as a Restricted Admin, go to Intrusion Prevention > Profiles.

  2. In the IPS Signatures and Filters section, create a new filter or select a filter to update. The Create New IPS Signatures and Filters dialog box is displayed.
  3. Click the Filter icon.

  4. Click Add Filter > CVE ID. Enter the CVE ID, then click Use Filters, and click OK.

To configure the hold-time settings in the GUI:
  1. Go to Device Manager > Device & Groups.
  2. Select a managed device.
  3. In the toolbar, click CLI Configuration.
  4. In the configurations menu, go to System > IPS. The system ips dialog box is displayed.
  5. Ensure override-signature-hold-by-id is enabled.

  6. In the signature-hold-time field, enter the number of days or hours hold and monitor the IPS signatures.

IPS signature activation filter: hold-time and CVE pattern 6.4.2

FortiManager now supports CVE ID filtering. You can also set the hold-time for an IPS signature activation.

To add a CVE filter in the GUI:
  1. Log into FortiManager as a System Admin or Restricted Admin.

    If you are logged in as System Admin, go to Policy & Objects > Object Configurations > Security Profiles > Intrusion Prevention.

    If you are logged in as a Restricted Admin, go to Intrusion Prevention > Profiles.

  2. In the IPS Signatures and Filters section, create a new filter or select a filter to update. The Create New IPS Signatures and Filters dialog box is displayed.
  3. Click the Filter icon.

  4. Click Add Filter > CVE ID. Enter the CVE ID, then click Use Filters, and click OK.

To configure the hold-time settings in the GUI:
  1. Go to Device Manager > Device & Groups.
  2. Select a managed device.
  3. In the toolbar, click CLI Configuration.
  4. In the configurations menu, go to System > IPS. The system ips dialog box is displayed.
  5. Ensure override-signature-hold-by-id is enabled.

  6. In the signature-hold-time field, enter the number of days or hours hold and monitor the IPS signatures.