Object Type | Description | Match Types | Negative Matching | Extra Properties |
ActiveX ClassID | Class ID of an Active-X component. For example, ClassID of Gator Active-X component is “c1fb8842-5281-45ce-a 271-8fd5f117ba5f” | Exact | No | None |
Application Category List | Allows specification of application categories, such as Multimedia., P2P, or Social Networking | N/A | No | None |
Application List | Allows specification of individual applications within the application category that you select | N/A | No | None |
Application Signature List | Allows specification of individual signatures for the application and category that you select | N/A | No | None |
Custom Object | Allows specification of an IPS-style custom set of conditions | Exact | No | There are 4 additional, optional parameters that can be set: offset (describes from what byte in packet payload we should start matching the pattern – starts with 1; helps minimize false positives in matching), depth (describes at what byte in the packet payload we should stop matching the pattern – starts with 1), minimum payload size and maximum payload size. |
Email Body | Any content in the body of an email. | Partial | No | None |
Email CC (MIME Header) | Any content in the CC MIME Header. | Exact, Partial, Prefix, Suffix | Yes | None |
Email From (MIME Header) | Any content in the From MIME Header. | Exact, Partial, Prefix, Suffix | Yes | None |
Email Size | Allows specification of the maximum email size that can be sent. | N/A | No | None |
Email Subject (MIME Header) | Any content in the Subject MIME Header. | Exact, Partial, Prefix, Suffix | Yes | None |
Email To (MIME Header) | Any content in the To MIME Header. | Exact, Partial, Prefix, Suffix | Yes | None |
MIME Custom Header | Allows for creation of MIME custom headers. | Exact, Partial, Prefix, Suffix | Yes | A Custom header name needs to be specified. |
File Content | Allows specification of a pattern to match in the content of a file. The pattern will be matched even if the file is compressed. | Partial | No | ‘Disable attachment’ action should never be applied to this object. |
Filename | In cases of email, this is an attachment name. In cases of HTTP, this is a filename of an uploaded attachment to the Web mail account. In cases of FTP, this is a filename of an uploaded or downloaded file. | Exact, Partial, Prefix, Suffix | Yes | None |
Filename Extension | In cases of email, this is an attachment filename extension. In cases of HTTP, this is a filename extension of an uploaded attachment to the Web mail account. In cases of FTP, this is a filename extension of an uploaded or downloaded file. | Exact | Yes | None |
FTP Command | Allows selection of specific FTP commands. | N/A | No | None |
FTP Command + Value | Allows selection of specific FTP commands and their values. | Exact, Partial, Prefix, Suffix | Yes | None |
HTTP Cookie Header | Allows specification of a Cookie sent by a browser. | Exact, Partial, Prefix, Suffix | Yes | None |
HTTP Host Header | Content found inside of the HTTP Host header. Represents hostname of the destination server in the HTTP request, such as www.google.com. | Exact, Partial, Prefix, Suffix | Yes | None |
HTTP Referrer Header | Allows specification of content of a Referrer header sent by a browser – this can be useful to control or keep stats of which Web sites redirected a user to customer’s Web site. | Exact, Partial, Prefix, Suffix | Yes | None |
HTTP Request Custom Header | Allows handling of custom HTTP Request headers. | Exact, Partial, Prefix, Suffix | Yes | A Custom header name needs to be specified. |
HTTP Response Custom Header | Allows handling of custom HTTP Response headers. | Exact, Partial, Prefix, Suffix | Yes | None |
HTTP Set Cookie Header | Set-Cookie headers. Provides a way to disallow certain cookies to be set in a browser. | Exact, Partial, Prefix, Suffix | Yes | None |
HTTP URI Content | Any content found inside of the URI in the HTTP request. | Exact, Partial, Prefix, Suffix | No | None |
HTTP User-Agent Header | Any content inside of a User-Agent header. For example: User-Agent: Skype. | Exact, Partial, Prefix, Suffix | Yes | None |
Web Browser | Allows selection of specific Web browsers (MSIE, Netscape, Firefox, Safari, Chrome). | N/A | Yes | None |
IPS Signature Category List | Allows selection of one or more IPS signature groups. Each group contains multiple pre-defined IPS signatures. | N/A | No | None |
IPS Signature List | Allows selection of one or more specific IPS signatures for enhanced granularity. | N/A | No | None |