Skip to main content

Netskope Help

Creating a Signature Override

You can configure exceptions for Intrusion Prevention System (IPS) by creating signature overrides. New overrides only apply to future events and won't affect existing alerts.

To create a signature override:

  1. Go to Settings > Threat Protection > IPS Settings.

  2. Click the Signature Overrides tab.

  3. Click New Override.

  4. In the New Override window:

    • Signature: Select the signatures you want to inspect in your organization's traffic. You can search for a signature by name or ID.

      • References: Filter your signature search by Common Vulnerabilities and Exposures (CVE) references.

      • CVSS Severity: Filter your signature search by the Common Vulnerability Scoring System (CVSS).

        • Critical

        • High

        • Medium

        • Low

        • None

      The References and CVSS Severity filters for the signature search.
    • Status: Select one of the following options.

      • Enabled: Enable matching for the signatures.

      • Disabled: Disable matching for the signatures.

    • Action: Select one of the following options.

      • Alert: Allow traffic and send alerts based on the signature match.

      • Block: Block traffic based on the signature match.

      If you enabled Alert Only Mode for signature matching, Alert is the default action, and you can't modify this field.

    NGSWG-CTEP-Signature-Override-New-Override-Window.png
  5. Click Save.

You can view these events in the Skope IT Alerts page.