Keywords & Expressions Parent topic

Create keywords or expressions on the Keywords & Expressions screen or during policy creation. Trend Micro recommends creating keywords or expressions before creating policies.
Each keyword list has built-in conditions that determine if the content triggers a detection. A keyword list must satisfy your chosen criteria before IMSS subjects it to a policy.
Expressions are a powerful string-matching tool. Ensure that you are comfortable with expression syntax before creating expressions. Poorly written expressions can dramatically impact performance. When creating expressions:
  • Note that IMSS follows the expression formats defined in Perl Compatible Regular Expressions (PCRE). For more information on PCRE, visit http://www.pcre.org/.
  • Refer to the predefined expressions for guidance on how to define valid expressions.
  • Start with simple expressions. Modify the expressions if they are causing false alarms or fine tune them to improve detections.
  • There are several criteria that you can choose from when creating expressions. An expression must satisfy your chosen criteria before IMSS subjects it to a policy.