Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
417
Views
4
Helpful
1
Replies

IPS Signatures Info

aijaz802
Level 1
Level 1

‎07-15-2009 01:13 AM - edited ‎03-10-2019 04:42 AM

Hi,

I've recently installed AIP-SSM-20 in the ASA, I need to know the following info.

1. Is keeping the latest sig.def file (Sig.420) with default actions, will be sufficient for the protection?

2. If I change any one signature behavior, what will happen when Sensor is updated with new sig def file? The signature which is modified will present or it will be over written?

Thanks in adv.

BR

Labels:
0 Helpful
1 Reply 1

rhermes
Level 7
Level 7

‎07-15-2009 07:06 AM

The most current signature release is S413, released 7/13/09. That is your best starting point for coverage. Anaysis and tuning of your signatures over time will improve your ability to detect and react to intrusions.

Once you modify (tune) a signature, new OS and signature versions should not overwrite your settings. (rarely they do, but that is considered a bug and we yell about those things)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card