As I said in my previous post today, we are evaluating CSM for 50 IDS/IPS 4000/IDSM sensors. Questions about policy management:
Can I take the default policy, modify signatures and deploy it down to the sensor?
Or, do I have to clone every signature in the default policy, and create a new policy and then deploy it?
When you add a device into the CSM that already has a local policy, it appears the signatures are read-only. How would I change the settings, example, add a logging parameter and then re-deploy?