The file_type and file_group Keywords

file_type

The file_type keyword allows you to specify the file type and version of a file detected in traffic. File type arguments (for example, JPEG and PDF) identify the format of the file you want to find in traffic.

Note

Do not use the file_type keyword with another file_type or file_group keyword in the same intrusion rule.

The system selects Any Version by default, but some file types allow you to select version options (for example, PDF version 1.7) to identify specific file type versions you want to find in traffic.

file_group

The file_group keyword allows you to select a Cisco-defined group of similar file types to find in traffic (for example, multimedia or audio). File groups also include Cisco-defined versions for each file type in the group.

Note

Do not use the file_group keyword with another file_group or file_type keyword in the same intrusion rule.
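The two notes above describe a constraint that can be checked before rules are imported. The following is an added example, not Cisco code: it assumes the rules are available as Snort-style text in which `file_type` and `file_group` appear as `keyword:argument;` options. The sample rules, their argument spelling, and the function names are constructed for illustration.

```python
FILE_KEYWORDS = {"file_type", "file_group"}

# Constructed sample rules; argument spelling after the keyword is an assumption.
SAMPLE_RULES = r'''alert tcp any any -> any any (msg:"single type"; file_type:PDF; sid:1000001;)
alert tcp any any -> any any (msg:"type and group"; file_type:JPEG; file_group:multimedia; sid:1000002;)
alert tcp any any -> any any (msg:"two groups"; file_group:audio; file_group:multimedia; sid:1000003;)
alert tcp any any -> any any (msg:"quoted text"; content:"file_type:x\;file_group:y"; file_group:audio; sid:1000004;)'''


def split_options(rule):
    """Split a rule's option block on ';', skipping quoted or escaped ones."""
    start, end = rule.find("("), rule.rfind(")")
    if start == -1 or end <= start:
        return []
    options, current, in_quotes = [], [], False
    chars = iter(rule[start + 1:end])
    for ch in chars:
        if ch == "\\":                      # keep the escaped character verbatim
            current.append(ch + next(chars, ""))
        elif ch == ";" and not in_quotes:   # option terminator
            options.append("".join(current).strip())
            current = []
        else:
            if ch == '"':
                in_quotes = not in_quotes
            current.append(ch)
    options.append("".join(current).strip())
    return [opt for opt in options if opt]


def file_keywords_used(rule):
    """Return the file_type/file_group keywords that appear as real options."""
    names = (opt.split(":", 1)[0].strip() for opt in split_options(rule))
    return [name for name in names if name in FILE_KEYWORDS]


def lint(rules_text):
    """Return (line number, keywords) for rules that combine these keywords."""
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        line = line.strip()
        if line and not line.startswith("#"):
            used = file_keywords_used(line)
            if len(used) > 1:
                findings.append((lineno, used))
    return findings


if __name__ == "__main__":
    for lineno, used in lint(SAMPLE_RULES):
        print(f"line {lineno}: conflicting keywords {used}")
```

The fourth sample rule is not flagged because the keyword names there occur only inside a quoted `content` argument, not as options.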