Each keyword list has built-in conditions that determine if the content triggers a
detection. A
keyword list must meet specified criteria before IMSS
subjects it to a policy.
Expressions are a powerful string-matching tool. Ensure that you are comfortable with
expression syntax before creating expressions. Poorly written expressions can impact
performance.
When creating expressions:
-
Note that
IMSS follows the expression formats defined
in Perl Compatible Regular Expressions (PCRE). For more information on PCRE, visit
http://www.pcre.org/.
-
Refer to the predefined expressions for guidance on how to define valid expressions.
-
Start with simple expressions. Modify the expressions if they are causing false alarms
or
fine tune them to improve detections.
-
Specify criteria when creating expressions. An expression must meet specified criteria
before
IMSS subjects it to a policy.
