exporting rules

Answered Question
Mar 16th, 2010
User Badges:

Is there a way to export the rules off the IPS so the actual rules can exported?  I am using a 4240 6.x IPS and through the GUI I am able to export a "summary" of the rules, but not the actual rules themselves.


Is there a way to do this through the CLI or GUI?


Let me know if this is confusing

Thanks


Evan

Correct Answer by jan.nielsen about 7 years 3 months ago

No, your "rules" are put into the configurations, signatures from cisco are downloaded in a compiled format and installed on the sensors harddrive as files, and compiled into the signature database. I don't think you can see any more details about a signature in the cli, than you can in the GUI, but i may be wrong

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
jan.nielsen Tue, 03/16/2010 - 14:39
User Badges:
  • Gold, 750 points or more

I assume you are talking about the tuning rules you have created yourself and such ? if so, then just backup the config from the cli or the GUI, all the config is in there, actual signatures can't be backed up, they need to be reinstalled on the sensor if you have a restore situation.

evanleeseberg Tue, 03/16/2010 - 15:21
User Badges:


So rules I have created (custom signatures) are not treated as actual rules (they are not stored in the same place as Cisco's rules)? Are the actual rules Cisco developed accessible through the CLI for viewing?

Correct Answer
jan.nielsen Wed, 03/17/2010 - 05:56
User Badges:
  • Gold, 750 points or more

No, your "rules" are put into the configurations, signatures from cisco are downloaded in a compiled format and installed on the sensors harddrive as files, and compiled into the signature database. I don't think you can see any more details about a signature in the cli, than you can in the GUI, but i may be wrong

Actions

This Discussion