If I understand the release notes correctly, sig 6979, is default disabled per S366. I am well passed that release and on the 6.1(2)E3 engine.
However, this alarm fires from our proxy server as the attacker. Researching I find in the Cisco Security Search site, http://tools.cisco.com/security/center/search.x?search=Signature, that this sig is currently disabled. Reviewing release notes, it appears to have been disabled in S366. Examining my signature 6979, it is neither disabled nor âtuned.â When I uncheck the âEnabledâ box, only then does the sig become âtuned.â
I do not recall ever specifically enabling this signature.
My greater concern is that I thought I would be operating on the Cisco defaults. I thought that when Cisco disables a signature at some signature release, on that release or later that sig would be disabled on my system.
Have I done something wrong in my update process with the signatures? I used the command line, not the GUI, for signatures and engine upgrades BTW.
Some signatures can be tuned. Tuning signatures at the group level can become complex, because a group can have any sensors of any version. If you need to tune a signature at the group level, and the group involved has different micro-engines, the IDS MC GUI shows you a context. The context uniquely identifies a grouping of signature versions and a signature micro-engine.
Well, I was not trying to tune anything. This Sig which according to Cisco Signature Release Notes was reportedly disabled, however it was actually enabled and NOT classified as "tuned." The absence of the "tuned" state means I did not accidentally or unknowingly enable it.
As there was no activity from the forum, I opened up a ticket with TAC and it was reported to me that the sig was accidentally re-enabled in various signature releases.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :