Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NM-CIDS auto update

Hi;

We have a 2811 with NM-CIDS module. How can i get it to automatically update IPS signatures. There is a menu whick asks for username,password and an IP address. Username and password are OK, but what is the ip address. How can i configure it for auto update...

And is there anyone knows which frequency does cisco renew IPS signatures..

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: NM-CIDS auto update

The sensor (NM-CIDS in your case) can not automatically pull new signature updates from cisco.com.

The auto update feature is to allow the sensor (NM-CIDS) to automatically pull new signature updates from one of your own internal ftp or scp servers. You will have to manually download the new files from cisco.com and place them on your ftp or scp server. So the IP Address in the configuration is your own ftp or scp server ip address.

Now CSM (Cisco Security Manager) IS able to automatically pull new signature updates from cisco.com. CSM can then automatically push them out to your sensors. So if you want automatic downloads from cisco.com, then you will need to purchase CSM to manage your sensors.

How often are new signatures released?

The longest time between signature updates will be about 2 weeks. It depends on how bad the latest vulnerabilities are. If a new bad vulnerability comes out, then the signature update gets sent out immmediately for that vulnerability. Otherwise signatures for several vulnerabilities get combined together and get sent out on a more regular basis between 1 and 2 weeks since the last regular update.

1 REPLY
Cisco Employee

Re: NM-CIDS auto update

The sensor (NM-CIDS in your case) can not automatically pull new signature updates from cisco.com.

The auto update feature is to allow the sensor (NM-CIDS) to automatically pull new signature updates from one of your own internal ftp or scp servers. You will have to manually download the new files from cisco.com and place them on your ftp or scp server. So the IP Address in the configuration is your own ftp or scp server ip address.

Now CSM (Cisco Security Manager) IS able to automatically pull new signature updates from cisco.com. CSM can then automatically push them out to your sensors. So if you want automatic downloads from cisco.com, then you will need to purchase CSM to manage your sensors.

How often are new signatures released?

The longest time between signature updates will be about 2 weeks. It depends on how bad the latest vulnerabilities are. If a new bad vulnerability comes out, then the signature update gets sent out immmediately for that vulnerability. Otherwise signatures for several vulnerabilities get combined together and get sent out on a more regular basis between 1 and 2 weeks since the last regular update.

105
Views
0
Helpful
1
Replies
CreatePlease to create content