Tutorial: Modifying a Built-In Directive

Applies to Product: USM Appliance™ LevelBlue OSSIM®

USM Appliance comes with over 4,500 built-in directives, written by the researchers in the LevelBlue Labs™. LevelBlue recommends that you learn how these directives work, and then tailor them to your specific needs.

For example, you might want to detect dropped packets going to a single host on a firewall. In the built-in directives, such a directive exists, which detects dropped packets on the Cisco PIX firewall. However, in order to detect dropped packets on a different firewall, for instance, the Fortinet FortiGate firewall, you need to customize the directive. 

In this topic, we use this example to show the steps required to modify a built-in directive. It involves the following 4 tasks: