Cisco Support Community

New Member

How to deploy custom signatures to a group of IPS using CSM

Hi folks,

I started scratching my head after realizing that I need to have a custom set of signatures trimmed to fit the client's requirement. Let's assume I disabled and retired unneeded signatures and tuned others, making one staging IPS trimmed and ready to fire only those relevant signatures. Now my question is about how to deploy these prepared signatures to other live IPS sensors. And the most important question: is there a mechanism that keeps those previously deployed signatures after a signature update from the Cisco site?

Eugene

6 REPLIES
Gold

Re: How to deploy custom signatures to a group of IPS using CSM

Yes, CSM has this feature.

Edit the signatures on one sensor, including your custom sigs. Then make a Policy from that sensor's signature setting. This policy can be applied to any of your other sensors in CSM.

New and changed signature updates should not alter your custom (non-default) signature settings (but rarely they do when Cisco messes up, so keep track of your current settings somewhere safe).

New Member

Re: How to deploy custom signatures to a group of IPS using CSM

Hi Hermes,

I was away for some other assignments and projects and didn't have a chance to try what you suggested.

If you don't mind, can you please provide your comments and details on how to do it?

1) I'm editing signatures through CSM, changing their alert actions, number of counts and so on to suit the client's environment. By the way, I have to change the Source Policy from Default to Local to do it, haven't I?

2) How will I "make a Policy from that sensor's signature setting"? Should I right-click on the Signatures (see attached printscreen called Signatures tuning1.jpg) or go to Policy View and create a new signature policy similar to the printscreen Signatures tuning2.jpg?

3) When I assign the sensor to this newly created IPS Signatures Shared Policy, I end up with a warning. How should I proceed? See Signatures tuning3.jpg

New Member

Re: How to deploy custom signatures to a group of IPS using CSM

And there's one more thing I'd like to clear up: it turns out there's no way to apply a license to the sensor from CSM. Should it only be done from IME or IDM? What's the purpose of CSM if there's no way to do such a routine task?

Gold

Re: How to deploy custom signatures to a group of IPS using CSM

CSM can automatically push sensor licenses to sensors:

Go to Tools > Administration > Licenses

(after you configure CSM with your CCO credentials), go to the IPS tab and hit the "Update Selected via CCO" button.

New Member

Re: How to deploy custom signatures to a group of IPS using CSM

Hm...

Thanks a lot!!!

I'm under the impression that Cisco intentionally hid it. It's so far away from the eyes of the beholder ;)

And I actually was there but didn't see the tab with IPS.

New Member

Re: How to deploy custom signatures to a group of IPS using CSM

Any luck on my previous question regarding signature customization?
