Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IPS Signatures - Where do they come from and how are they enforced?

Ok i have heard different stories on this. At first I heard Trend makes these and is the reason for the licensing in the past few years. Another internal source tells me that cisco has a signature creation group/committee internally that creates these. Whats the skinny? Also, when a know vulnerability is seen out on the internet and a CVE is associated with it, what is the delta in time before this "internal committee" decides to create them as a cisco sig? Can anyone indicate the policy cisco goes through on the decisions and how long this usually takes? Lastly, Cisco sends new sigs all the time, weekly nowadays. In those new sig sets are retired sigs. Why have retired sigs sent in a new sig set ? or are these sigs stricly retiring the old sigs already in the system ? How does cisco decide to retire a sig, what process dloes it go through?



Jim Thomas Cisco Security Course Director Global Knowledge CCIE Security #16674
New Member

Re: IPS Signatures - Where do they come from and how are they e

I am also wondering this myself, can anyone enlighten us?