03-20-2009 06:33 AM - edited 03-10-2019 04:33 AM
It appears the S387 signature set contains quite a few new signatures. Many of the signatures are disabled by default, and the ones that I checked are for older vulnerabilities.
Is this simply a back-fill of older vulnerabilities using the newer engine capabilities, or is there another effort going on behind the scenes?
Solved! Go to Solution.
03-27-2009 07:58 AM
You pretty much nailed it the first time.
To keep it short, we are leveraging new engine technologies to back-fill coverage as well as responding to customer requests for specific coverage. Many of these requests are for older vulnerabilities that we don't feel are broadly applicable so we are creating the signatures but releasing them retired. We're leaving the decision up to the end customer to unretire the signatures if its something you feel you want or need.
We'll be slowly releasing more signatures in upcoming updates, so expect more to come, but similar in nature.
03-26-2009 09:19 AM
All signature updates are cumulative. The S387 signature update contains all previously released signature updates.
You must have a valid Cisco Services for IPS contract per sensor to receive and use software upgrades including
signature updates from Cisco.com.
A Cisco Services for IPS Services License is required for the installation of all signature updates. The Cisco Services
for IPS Services License can be requested from http://www.cisco.com/go/license for all sensors covered by a
maintenance contract.
The S387 signature update can ONLY be applied to E3 sensors.
03-26-2009 11:42 AM
I realize the signature sets are cumulative. It seemed the S387 set had a much larger than usual number of "new" signatures, some for of the new signatures for vulnerabilities that have been around for a while.
I am interested in why the large number of "new" signatures in S387.
03-27-2009 07:58 AM
You pretty much nailed it the first time.
To keep it short, we are leveraging new engine technologies to back-fill coverage as well as responding to customer requests for specific coverage. Many of these requests are for older vulnerabilities that we don't feel are broadly applicable so we are creating the signatures but releasing them retired. We're leaving the decision up to the end customer to unretire the signatures if its something you feel you want or need.
We'll be slowly releasing more signatures in upcoming updates, so expect more to come, but similar in nature.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: