Release Notes for IPS Signatures available via direct URL?

Answered Question
Jun 19th, 2009

Is there some URL I can refer to coworkers so they may review the current and any past IPS signature release note(s)? The only way I have found to access them is through the slow multistep download section, and some coworkers I am sure will not find that acceptable. You know how some office environments can be, right?

Thanks.

I have this problem too.
0 votes
Correct Answer by marcabal about 7 years 5 months ago

The answer depends on what specifically you are wanting to provide.

If you are just looking for the main part of the readme which lists the modified and new signatures, then you can download the latest one and it has all that information for the last several sig updates:

Here is the link to the S407 Readme

http://www.cisco.com/web/software/282549755/27019/IPS-sig-S407.readme.txt

You can look to the bottom and find the Sig information all the way back to S339.

If you are looking for a quick way for your coworkers to see the signature list for upcoming sig updates, then check the Cisco IPS Active Update Bulletins Archive on cisco.com:

http://tools.cisco.com/security/center/bulletin.x?i=57

Each Bulletin will list the signature modified or new in the signature update.

They are date labeled instead of sig update release labeled.

If you want the actual readme files for the signature updates, then you might also try going to this page:

http://www.cisco.com/cgi-bin/tablebuild.pl/ipsmc-ips5-sigup

This is the page where signature update files can be manually downloaded for the VMS or CSM management tools.

The signature readme files posted here are also the same for the sensor.

The advantage that this page has, is that all of the files can at least be accesssed from a single page.

NOTE: Older readmes can be accessed in the archive location for the above page:

http://www.cisco.com/cgi-bin/tablebuild.pl/ipsmc-ips-sigup-arch

Hope one of these options will work for you.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
marcabal Fri, 06/19/2009 - 14:38

The answer depends on what specifically you are wanting to provide.

If you are just looking for the main part of the readme which lists the modified and new signatures, then you can download the latest one and it has all that information for the last several sig updates:

Here is the link to the S407 Readme

http://www.cisco.com/web/software/282549755/27019/IPS-sig-S407.readme.txt

You can look to the bottom and find the Sig information all the way back to S339.

If you are looking for a quick way for your coworkers to see the signature list for upcoming sig updates, then check the Cisco IPS Active Update Bulletins Archive on cisco.com:

http://tools.cisco.com/security/center/bulletin.x?i=57

Each Bulletin will list the signature modified or new in the signature update.

They are date labeled instead of sig update release labeled.

If you want the actual readme files for the signature updates, then you might also try going to this page:

http://www.cisco.com/cgi-bin/tablebuild.pl/ipsmc-ips5-sigup

This is the page where signature update files can be manually downloaded for the VMS or CSM management tools.

The signature readme files posted here are also the same for the sensor.

The advantage that this page has, is that all of the files can at least be accesssed from a single page.

NOTE: Older readmes can be accessed in the archive location for the above page:

http://www.cisco.com/cgi-bin/tablebuild.pl/ipsmc-ips-sigup-arch

Hope one of these options will work for you.

bnidacoc Mon, 06/22/2009 - 04:53

Thanks, your first two links are perfect options for those who do not want to receive email updates, but want the latest information now, when they want it. Since this is a public forum, I really can't go into the background, but the publically accessible links (i.e. not requiring a CCO account with download access) are perfect.

Actions

This Discussion