Policy Administration - Managing Signatures

Policies are structured by adding specific MetaDefender NDR signatures and user-defined signatures whose string patterns are matched against files received via emails or the web for analyzing the file content. MetaDefender NDR latest signatures (Sigpack updates) can be configured to be updated automatically through the Internet, or you can manually upload them via the user interface by clicking Administration > Manual Update. When new signatures are published, and if the manager has an Internet connection, sigpacks will be downloaded by the MetaDefender NDR manager automatically to update systems with the latest signatures developed by MetaDefender NDR to detect the latest threats. User-defined signatures can be added through the interface too.

Note: Your organization may choose not to enable all signatures provided by MetaDefender NDR or user-defined signatures added to the appliance. This could be due to excessive alerts that are not deemed as a threat in your environment or to narrow the focus of alerting to a specific group of signatures.

Adding Policies

You can add a new policy to your database and assign MetaDefender NDR and/or User-Defined signatures to it as required.

  1. Click Policy. In the default Policies tab, click Add Policy.

  2. Type a policy name and click Save. The MetaDefender NDR Labs and User-Defined tabs auto-populate allowing you to enable or disable the required signatures for the newly added policy.Note: Also observe the Policy Details segment on the right pane auto-populating with values pertaining to your user name, policy creation date, and the last modified date.

  3. In OPSWAT Labs, select or deselect the Enabled checkboxes of the OPSWAT signatures to include or exclude them from the policy as required.Note: By default, all signatures are enabled.
  1. In User-Defined, select or deselect the Enabled checkboxes of the user-defined signatures in the Added tab to include or exclude them from the policy as required.

Note: There are two tabs under the User-Defined tab namely Added and Available. The Available tab includes the user-defined signatures that you have created and are available in your database. The Added tab is empty by default and displays user-defined signatures only after you have added them from the Available tab, so it can be included or excluded from the policy. By default, all user-defined signatures moved to the Added tab are enabled and hence included in the policy. You can select or deselect the Enabled checkboxes to include or exclude them from the policy as required.

Click the Available tab and click Add corresponding to the user-defined signatures available in your database. This policy now gets added to the Added tab. To remove a signature from the Added tab and move it back to the Available tab, click Remove corresponding to that signature in the Added tab. Verify the signature placed back in the Available tab.

  1. Click Save. Files will be scanned using only the signatures that are enabled.

Note: You can use the Quick Search or Advanced Search features on the left pane to locate your desired signatures in the Signatures segment on this page.

To review the details of any signature in these tabs, click View corresponding to that signature. Note: The SubCategory columns apply only to MetaDefender NDR signatures.

Viewing Existing Policies

In Policy > Policies, you can view a list of existing policies with their basic details in a tabular form. Basic details of the existing policies include:

  • Name – Name of the policy you specify while creating/updating a policy.
  • Created By – User account name that created the policy.
  • Creation Date – Instance when the policy was created.
  • Last Modified – Instance when the policy was last updated.
  • Actions – Click View corresponding to a policy to view/update its name and/or its associated signatures in a new page. Click Run Scan corresponding to a policy to run a RetroHunt scan.

Editing Policies

  1. In Policy > Policies, click View corresponding to a policy you want to edit.
  2. Edit the policy name as required.
  3. Select or deselect the required signatures in the OPSWAT and User-Defined tabs.
  4. Click Save.

Deleting Policies

  1. In Policy > Policies, click View corresponding to a policy you want to delete.
  2. Click Delete Policy on the top-right corner of the screen.
  3. Click Delete again.
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
User-Defined Signatures
On This Page
Policy Administration - Managing SignaturesAdding PoliciesViewing Existing PoliciesEditing PoliciesDeleting Policies