We are an MSP and are evaluating Cisco CSM to manage about 50 IDS/IPS devices. Each of these devices has their own customer signature policy.
Does anyone use it in their production environments? Do you find it useful?
Regarding policy management for devices that already have a signature policy, I know you can discover the policy, what we want to do is take the current discovered policy, modify it if we need to and then re-deploy it to the device. I'm finding that this is all read only once the policy is discovered.
Is there a way to modify the signature, for example, adding a logging parameter and then re-deploy?
Just curious if others had similar experiences with CSM.