Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Bronze

IPS Signatures Info

Hi,

I've recently installed AIP-SSM-20 in the ASA, I need to know the following info.

1. Is keeping the latest sig.def file (Sig.420) with default actions, will be sufficient for the protection?

2. If I change any one signature behavior, what will happen when Sensor is updated with new sig def file? The signature which is modified will present or it will be over written?

Thanks in adv.

BR

1 REPLY
Gold

Re: IPS Signatures Info

The most current signature release is S413, released 7/13/09. That is your best starting point for coverage. Anaysis and tuning of your signatures over time will improve your ability to detect and react to intrusions.

Once you modify (tune) a signature, new OS and signature versions should not overwrite your settings. (rarely they do, but that is considered a bug and we yell about those things)

135
Views
4
Helpful
1
Replies
CreatePlease login to create content