docs: Freshness review for idps-signature-categories.md

- Updated ms.date to 12/31/2025
- Verified all IDPS signature categories current
- Confirmed 50+ categories and override behavior documentation accurate
- Validated link to premium-features.md

Author: duongau

articles/firewall/idps-signature-categories.md

@@ -5,7 +5,7 @@ author: duongau
 ms.service: azure-firewall
 services: firewall
 ms.topic: overview
-ms.date: 12/15/2021
+ms.date: 12/31/2025
 ms.author: duau
 # Customer intent: "As a security analyst, I want to understand the Azure Firewall IDPS signature rule categories, so that I can effectively monitor and mitigate potential threats within my network."
 ---
@@ -25,7 +25,7 @@ You can override the action for most IDPS signatures to Off, Alert, or Deny. Som
 
 |Category |Description |
 |---------|---------|
-|3CORESec|This category is for signatures that are generated automatically from the 3CORESec team’s IP blocklists. These blocklists are generated by 3CORESec based on malicious activity from their Honeypots.|
+|3CORESec|This category is for signatures that are generated automatically from the 3CORESec team’s IP block lists. These blocklists are generated by 3CORESec based on malicious activity from their Honeypots.|
 |ActiveX|This category is for signatures that protect against attacks against Microsoft ActiveX controls and exploits targeting vulnerabilities in ActiveX controls.|
 |Adware-PUP|This category is for signatures to identify software that is used for ad tracking or other types of spyware related activity.|
 |Attack Response|This category is for signatures to identify responses indicative of intrusion—examples include but not limited to LMHost file download, presence of certain web banners and the detection of Metasploit Meterpreter kill command. These signatures are designed to catch the results of a successful attack. Things like *ID=root*, or error messages that indicate a compromise might have happened.|