Intrusion prevention hold-time and CVE filtering
IPS signature filter options include hold-time and CVE pattern.
IPS signature hold-time
The hold-time option allows you to set the amount of time that signatures are held after a FortiGuard IPS signature update per VDOM. During the holding period, the signature's mode is monitor. The new signatures are enabled after the hold-time to avoid false positives.
The hold-time can be from 0 days and 0 hours (default) up to 7 days, in the format ##d##h.
This setting is configured for each FortiGate device and cannot be configured by restricted administrators. |
For more information on configuring hold-time, see Intrusion prevention filtering options in Policy & Objects.
CVE pattern filters
The CVE pattern option allows you to filter IPS signatures based on CVE IDs or with a CVE wildcard, ensuring that any signatures tagged with that CVE are automatically included.
For more information on configuring CVE filters, see Intrusion prevention filtering options in Policy & Objects.