This topic describes how to write Windows custom signatures.
The class section value depends on the nature of the security issue and on the protection the rules can offer. For Windows these value are available:
Class
|
When to use
|
---|---|
Files
|
For file or directory operations. See Class Files.
|
Isapi
|
For monitoring request to IIS. See Class Isapi.
|
Registry
|
For Registry key and value operations. See Class Registry.
|
Services
|
For Services operations. See Class Services.
|