S387 Signature set contains quite a few new signatures

srdroppers
Level 1

It appears the S387 signature set contains quite a few new signatures. Many of the signatures are disabled by default, and the ones that I checked are for older vulnerabilities.

Is this simply a back-fill of older vulnerabilities using the newer engine capabilities, or is there another effort going on behind the scenes?

3 Replies

smalkeric
Level 6

All signature updates are cumulative. The S387 signature update contains all previously released signature updates.

You must have a valid Cisco Services for IPS contract per sensor to receive and use software upgrades including signature updates from Cisco.com.

A Cisco Services for IPS Services License is required for the installation of all signature updates. The Cisco Services for IPS Services License can be requested from http://www.cisco.com/go/license for all sensors covered by a maintenance contract.

The S387 signature update can ONLY be applied to E3 sensors.

I realize the signature sets are cumulative. It seemed the S387 set had a much larger than usual number of "new" signatures, some of the new signatures for vulnerabilities that have been around for a while.

I am interested in why the large number of "new" signatures in S387.

You pretty much nailed it the first time.

To keep it short, we are leveraging new engine technologies to back-fill coverage as well as responding to customer requests for specific coverage. Many of these requests are for older vulnerabilities that we don't feel are broadly applicable so we are creating the signatures but releasing them retired. We're leaving the decision up to the end customer to unretire the signatures if it's something you feel you want or need.

We'll be slowly releasing more signatures in upcoming updates, so expect more to come, but similar in nature.
