How to show signature definition delta

Aug 17th, 2007

Is there a way to show just the modifications / tuning changes made to a default downloaded signature set?

Background - I've downloaded a signature set, tuned a specific signature-id to a deny event-action, and from what I understand changes are recorded in a sigdef-delta.xml file.

What I'm hoping to be able to do is issue a command that allows us just to identify the deltas in order to avoid a bunch of documentation.

Any help?

attmidsteam Wed, 08/22/2007 - 07:52

If you type 'sh conf' on the CLI on a modern 5.x sensor you will only get the configuration differences (such as different event-actions or different summary keys). The only alternative is to parse out the XML (found on the underlying OS) which is a pain to do (since the XML format isn't completely consistent).
