Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

S387 Signature set contains quite a few new signatures

It appears the S387 signature set contains quite a few new signatures. Many of the signatures are disabled by default, and the ones that I checked are for older vulnerabilities.

Is this simply a back-fill of older vulnerabilities using the newer engine capabilities, or is there another effort going on behind the scenes?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: S387 Signature set contains quite a few new signatures

You pretty much nailed it the first time.

To keep it short, we are leveraging new engine technologies to back-fill coverage as well as responding to customer requests for specific coverage. Many of these requests are for older vulnerabilities that we don't feel are broadly applicable so we are creating the signatures but releasing them retired. We're leaving the decision up to the end customer to unretire the signatures if its something you feel you want or need.

We'll be slowly releasing more signatures in upcoming updates, so expect more to come, but similar in nature.

3 REPLIES
Silver

Re: S387 Signature set contains quite a few new signatures

All signature updates are cumulative. The S387 signature update contains all previously released signature updates.

You must have a valid Cisco Services for IPS contract per sensor to receive and use software upgrades including

signature updates from Cisco.com.

A Cisco Services for IPS Services License is required for the installation of all signature updates. The Cisco Services

for IPS Services License can be requested from http://www.cisco.com/go/license for all sensors covered by a

maintenance contract.

The S387 signature update can ONLY be applied to E3 sensors.

New Member

Re: S387 Signature set contains quite a few new signatures

I realize the signature sets are cumulative. It seemed the S387 set had a much larger than usual number of "new" signatures, some for of the new signatures for vulnerabilities that have been around for a while.

I am interested in why the large number of "new" signatures in S387.

Cisco Employee

Re: S387 Signature set contains quite a few new signatures

You pretty much nailed it the first time.

To keep it short, we are leveraging new engine technologies to back-fill coverage as well as responding to customer requests for specific coverage. Many of these requests are for older vulnerabilities that we don't feel are broadly applicable so we are creating the signatures but releasing them retired. We're leaving the decision up to the end customer to unretire the signatures if its something you feel you want or need.

We'll be slowly releasing more signatures in upcoming updates, so expect more to come, but similar in nature.

151
Views
0
Helpful
3
Replies