cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
535
Views
5
Helpful
2
Replies

Signature listing

mikedawson2005
Level 1
Level 1

Ok, I know that there are about a gazillion signatures, but, is there anyplace where I can find a complete listing of all the current signatures and their relative suggested severity levels without having to go into IDM to get them?

I've searched the Cisco site to no avail.

Thanks,

Mike

2 Replies 2

marcabal
Cisco Employee
Cisco Employee

IDM is actually the best place to "get" the list, but may not be the best place to filter and sort and look through the list.

What you can do is bring up IDM, go to the "Policies" configuration, then go to Signature Definitions->sig0->All Signatures.

Now here is something many people may not be aware of. You can export this list to a comma separated file.

Select the top signature.

Scroll down the bottom of the list.

Hold down the Shift Key and select the last signature. This causes the selection of ALL signatures.

Now Right click and select Export->Comma Separated Values.

Sve the file to your desktop and open with your favorite spreadsheet tool.

Now you can sort and filter all you want.

Keep in mind it shows you the "current" settings for the signatures. So if you've tuned anything it will show you your tunnings rather than the default.

If you've done tunings, but want to see the defaults, then instead of exporting from "sig0" you would want to create a "sig1" (or use another name) to create a brand new signature configuration. And then export from that new configuration before making any tunings.

The other alternative is to use Securty Center on cisco.com:

http://tools.cisco.com/security/center/search.x?type=i&order=

You can sort by any of the column headings, and use the fields at the top of the page for filtering.

The biggest limitation, however, is that it only shows you 10 signatures at a time, and I am not aware of a method to increase that count or allow you to export the results.

So I generally would recommend exporting from IDM and using the comma separate file for most of your rogh filtering, sorting, and searching. And then going to Security Center on cisco.com when you need information about specific signatures and you can use the filters to get to those specific signature IDs.

mikedawson2005
Level 1
Level 1
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: