Managing custom intrusion signatures