Automatic update for IPS on Cisco`s site

Answered Question
Oct 16th, 2008

Hi all,

with Cisco Service for IPS active my IPS that run in ASA module will be able to download the signatures on Cisco`s Web site and update them alone?

thanks for your help. "Together we are even better"

I have this problem too.
0 votes
Correct Answer by uchimaku about 8 years 3 months ago

Yes, If you are running IPS 6.1(1) you can configure a schedule on the sensor to check for any signature updates on CCO , download and install them.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
uchimaku Thu, 10/16/2008 - 17:41

Yes, If you are running IPS 6.1(1) you can configure a schedule on the sensor to check for any signature updates on CCO , download and install them.

Farrukh Haroon Sat, 10/18/2008 - 13:11

But please note that even tough its 'possible', its always better to do this manually. Sometimes some signatures generate a lot of false positives and its a good idea to check here on netpro and other places for any problems others are facing before applying signature updates (in production). However most signatures only produce alerts, so its just the noise that will worry ya and 'usually' signature updates don't break anything on the network.

Regards

Farrukh

rodrigo.cisco Sat, 10/18/2008 - 18:03

Farrukh, Tks for you answer!!!

Could you explain me better why the signature update usually dont break anything? All this (security world) is very new for me.

Thanks you so much

Rodrigo Alves

Farrukh Haroon Sat, 10/18/2008 - 21:40

Rodrigo that is the case because Cisco usually keeps signatures to only 'Product Alert' by default, and no block/deny actions are performed. The only notable exception is the TCP normalization engine.

Regards

Farrukh

Actions

This Discussion