IDS MC and Signatures
IDS sensor signatures are representations of patterns
that are characteristic of various attacks and other activities
attackers may use against a network. Cisco IDS sensors use these signatures
to detect malicious traffic and act on it. Upon detection
of a suspected attack or reconnaissance, the IDS sensor can send an alarm to the
Security Monitor or attempt to intervene through the use of shunning, blocking,
or TCP resets (RSTs). The IDS MC provides many administrative services for
the maintenance of signatures. The MC can be used to enable or
disable various signatures based on the administrator's determination of whether
they are relevant to the network being monitored by a given sensor.
Additionally, the IDS MC provides the capability to define custom signatures
that may not be part of the normal signature pack distributed in CIDS software
or signature updates. This capability allows security staff to add to the sensor
signature database. Managing, updating, and distributing these signatures are
key administrative functions of the IDS Management Center.