A rule that defines how to identify an intrusion. Symantec’s Intrusion Prevention System identifies known attacks by pattern-matching against rules or ‘signatures’ stored in the Symantec IPS Library or a custom library. See also signature library, System Library.
1. A state or pattern of activity that indicates a violation of policy, a vulnerable state, or an activity that may relate to an intrusion. 2. Logic in a product that detects a violation of policy, a vulnerable state, or an activity that may relate to an intrusion. This can also be referred to as a signature definition, an expression, a rule, a trigger, or signature logic. 3. Information about a signature including attributes and descriptive text. This is more precisely referred to as signature data.
Signatures are unique identifiers for sub-events extracted from analyzed device logs.