IPS Signatures Info

Unanswered Question
Jul 15th, 2009
User Badges:
  • Bronze, 100 points or more

Hi,


I've recently installed AIP-SSM-20 in the ASA, I need to know the following info.


1. Is keeping the latest sig.def file (Sig.420) with default actions, will be sufficient for the protection?


2. If I change any one signature behavior, what will happen when Sensor is updated with new sig def file? The signature which is modified will present or it will be over written?


Thanks in adv.


BR

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
rhermes Wed, 07/15/2009 - 07:06
User Badges:
  • Gold, 750 points or more

The most current signature release is S413, released 7/13/09. That is your best starting point for coverage. Anaysis and tuning of your signatures over time will improve your ability to detect and react to intrusions.

Once you modify (tune) a signature, new OS and signature versions should not overwrite your settings. (rarely they do, but that is considered a bug and we yell about those things)

Actions

This Discussion