cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
482
Views
0
Helpful
4
Replies

Automatic update for IPS on Cisco`s site

rodrigo.cisco
Level 4
Level 4

Hi all,

with Cisco Service for IPS active my IPS that run in ASA module will be able to download the signatures on Cisco`s Web site and update them alone?

thanks for your help. "Together we are even better"

1 Accepted Solution

Accepted Solutions

uchimaku
Cisco Employee
Cisco Employee

Yes, If you are running IPS 6.1(1) you can configure a schedule on the sensor to check for any signature updates on CCO , download and install them.

View solution in original post

4 Replies 4

uchimaku
Cisco Employee
Cisco Employee

Yes, If you are running IPS 6.1(1) you can configure a schedule on the sensor to check for any signature updates on CCO , download and install them.

Farrukh Haroon
VIP Alumni
VIP Alumni

But please note that even tough its 'possible', its always better to do this manually. Sometimes some signatures generate a lot of false positives and its a good idea to check here on netpro and other places for any problems others are facing before applying signature updates (in production). However most signatures only produce alerts, so its just the noise that will worry ya and 'usually' signature updates don't break anything on the network.

Regards

Farrukh

Farrukh, Tks for you answer!!!

Could you explain me better why the signature update usually dont break anything? All this (security world) is very new for me.

Thanks you so much

Rodrigo Alves

Rodrigo that is the case because Cisco usually keeps signatures to only 'Product Alert' by default, and no block/deny actions are performed. The only notable exception is the TCP normalization engine.

Regards

Farrukh

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: