Skip to main content

Signature Management Overview

This section is used in conjunction with many of the Security Policies to add and remove different websites and IP addresses from some of the select rules. This includes C&C, ATP, Anti-Virus, Proxy servers, Risky websites. Each subsection works using the same UI principles, while each has a different type of value input.

  1. Add: Fill in the required details to add to the block/allow lists
  2. List checkbox: This is used in conjunction with the “Delete” or “Exchange arrow”
  3. Exchange Arrow: This makes it simply to switch a value between the Allow and Block lists
  4. Reset: Used to reset all current changes made
  5. Apply: In order to apply any changes, this button must be selected and confirmed

Each subsection utilizes these principles except for the Malicious Code, which is controlled and updated by the CTI.

After adding signatures to any of the below types, they can be available for selection in various policies.

  • C&C
  • ATP
  • Anti-Virus
  • Proxy Server
  • Risky Website
  • Malware

Check out the Signature Management Configuration guide for more information on how to configure.