Signature or Severity Levels

One of the properties of each signature is signature severity (also called attack severity rating [ASR]). This is a rating between 0 and 100 that indicates (in the eyes of the individual who created the signature) how severe the attack is that is covered by this particular signature. We discussed earlier the three primary factors that go into calculating the risk rating, and the ASR, which is a property of the signature, is one of those three elements. Instead of having to set a numeric value for the severity, the interface for IPS/IDS prompts us for one of four levels. Those four options are as follows:

Informational

Low

Medium

High

The higher the severity, the greater the number in the background that goes into the calculation for this factor into the risk rating.

The other property that is part of the signature and is a significant portion of the overall risk rating calculation is the signature fidelity rating (SFR), and this value literally is a numeric value between 0 and 100 set by the person who created the signature. Both the SFR and the ASR can be tuned by the administrator regardless of what the initial value was set to by default.