Setup

Do this procedure to add a new scriptable protocol.

Note:
If you want to extend a protocol that has already been implemented, refer to Script parameters before you do this procedure.
To add a new scriptable protocol there are two options:
  1. Explicit configuration
  2. Handle as custom user contents

Explicit configuration

  1. Copy the Lua script in /data/scriptable_protocols/
  2. Configure Guardian with this rule conf.user configure probe scriptable-protocol <protocol_name> <script_name> in command-line interface (CLI)(<script_name> is the name of the file including the extension)
  3. There is no need to restart the intrusion detection system (IDS) after the scriptable protocol configuration: the system will automatically activate it (alongside any other scriptable protocols already configured)

Custom user contents

This option is available only when the sensor is managed by Vantage.

  1. Make sure that the scriptable protocol parameters (most importantly, the name) have been set via comments in the script body.
  2. Administer the script via the Scriptable Protocols section in the Contents Management section of the Vantage Administration page.
  3. There is no need to restart the IDS: the newly configured scriptable protocol will be distributed to all sensors managed by Vantage and will be automatically activated, alongside all those that have been explicitly configured.

After these steps the new protocol is loaded in Guardian and will analyze the network traffic.