New Member

Good link to sig definitions needed.

Does anyone know a good link to sig definitions for the Cisco IPS that does what each one does?

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Good link to sig definitions needed.

The MYSDN site has the signatures and their associated descriptions. Please refer to the link below:

http://tools.cisco.com/MySDN/Intelligence/home.x

I hope that helps.

Jonathan

6 REPLIES
New Member

Re: Good link to sig definitions needed.

I wonder if these descriptions are the same as those that come with the IDM sig updates (.zip).

tk

Gold

Re: Good link to sig definitions needed.

No, they are not always in sync. See sig id 3030.

Cisco Employee

Re: Good link to sig definitions needed.

The signature descriptions & benign triggers section are the same.

I just checked 3030 as was mentioned and I see the same description and benign triggers on MySDN, IEV, and in the NSDB.tar file packaged with the MC updates. Where are you seeing a difference?

Gold

Re: Good link to sig definitions needed.

At one time I believe they were not. The description for 3030 was updated on MySDN. It was probably eventually also updated with an update to IEV or IDS MC... I just hadn't updated yet. It looks like there is different information in both (neither seems to be a mere subset of the other). Which makes me wonder, is there some process by which one is derived from the other so that they stay in sync?

Cisco Employee

Re: Good link to sig definitions needed.

There are 2 distinct sources, signature descriptions and vulnerability records. The NSDB is built from each at each release. What you see on MySDN is a more interactive version of the NSDB plus more vulnerability information. But in either case, the source of the information is the same and so should be in sync. However, it's possible that there are a few signatures out of sync - could have happened in some moving around of databases in the not too distant past... that's probably what you remember regarding the 3030 sig information... Anyway, I'm trying to not get stuck on details here... in the end, there are two distinct sources we use and the NSDB is built fresh at each release, we can't really rebuild MySDN at each release. There really shouldn't be any discrepancies in data *since* MySDN was brought up, but it's possible that something happened just prior to that and we may have data out of sync.

If you see a discrepancy, by all means please bring it to our attention, and we'll fix it.

I hope I didn't just confuse the issue more with this post.
