Remarks and restrictions
- Custom patterns are exclusively asq patterns (cf. section Contents of a context-based signature file). It is a simple policy that is meant to activate a security policy and raise the associated alarm.
- Pattern IDs must always be higher than 4096,
- Any given context accepts a maximum of 2048 signatures,
- Patterns may not contain more than 256 regular expressions (variants),
- All contexts that group definitions of custom patterns are grouped in a single file (named CustomPatterns.in in the example).
Context-based signatures may consume a lot of processor resources and memory, especially when the regular expressions that they contain do not impose any limits on the number of characters for a given search.