Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Automating IPS signature downloads

Greetings all.

I'm looking for a scripted way to automate downloads of 4.x/5.x signature updates from the Cisco.com site using my CCO login/pass. For example, a Perl or shell script possibly hooked into wget (or other?), all running regularly via cron. Does anyone have experience with this?

I have scripted ways to install signatures updates via the CLI, just trying to automate the initial download part. Thanks for any assistance.

4 REPLIES
Silver

Re: Automating IPS signature downloads

The Cisco IPS Sensor software v5 helps users stop more threats with greater confidence through the use of the following elements:

---Accurate inline prevention technologies-Provides unparalleled confidence to take preventive action on a broader range of threats without the risk of dropping legitimate traffic. These unique technologies offer intelligent, automated, contextual analysis of your data and help ensure you are getting the most out of your intrusion prevention solution.

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_data_sheet0900aecd801e6a45.html

Gold

Re: Automating IPS signature downloads

Your first obstacle will be coming up with a solution to determine the correct URL to use. For example the latest is:

http://ftp-sj.cisco.com/cisco/ciscosecure/ips/5.x/sigup/IPS-sig-S208-minreq-5.0-1.pkg

You could fetch http://www.cisco.com/cgi-bin/tablebuild.pl/ips5-sigup?sort=filename

and parse out the most recent sig URL from the HTML. Another alternative would be to have the Cisco "new sig" email notifications go to a process account. Then, parse that email (I believe text formats are supported) for the URL.

a simple wget with your CCO credentials will work once you have come up with the URL.

It's likely to be brittle since it depends on Cisco for a lot (timely email's, good dates in the HTML returned, etc). IMHO, it's a Very Bad Idea...but should be technically possible.

New Member

Re: Automating IPS signature downloads

I can't really help you with the scripting, but if you're running five attacks and the latest VMS. Rumor has it this feature is available. Options below:

IPS MC polls CCO for updates. The user has 3 choices in IPS MC 2.2 when dealing with signature updates.

1) Check only - This allows the IPS MC to check for new updated and notify the user

2) Check and download - This checks for new updates and downloads them to the IPS MC

3) Check, download, auto-update - This checks for new updates, downloads and automatically pushes them out to sensors.

New Member

Re: Automating IPS signature downloads

All

Greg is correct.

IPS MC 2.2 was released 16 December with fully automatic updates.

Enabling Automatic Updates

1) Check for sigupdates and notify the user

2) Check and download sigupdates and notify the user

3) Check, download, and automatically push the updates to the device.

You can select which sensor you want automatically updated

1) Disable

2) Enable Sigupdates only

3) Enable Sigupdates, patches, service pack, and minor version updates.

314
Views
1
Helpful
4
Replies
CreatePlease to create content