New Member

Signature listing

Ok, I know that there are about a gazillion signatures, but, is there anyplace where I can find a complete listing of all the current signatures and their relative suggested severity levels without having to go into IDM to get them?

I've searched the Cisco site to no avail.

Thanks,

Mike

2 REPLIES
Cisco Employee

Re: Signature listing

IDM is actually the best place to "get" the list, but may not be the best place to filter and sort and look through the list.

What you can do is bring up IDM, go to the "Policies" configuration, then go to Signature Definitions->sig0->All Signatures.

Now here is something many people may not be aware of. You can export this list to a comma separated file.

Select the top signature.

Scroll down to the bottom of the list.

Hold down the Shift Key and select the last signature. This causes the selection of ALL signatures.

Now Right click and select Export->Comma Separated Values.

Save the file to your desktop and open with your favorite spreadsheet tool.

Now you can sort and filter all you want.

Keep in mind it shows you the "current" settings for the signatures. So if you've tuned anything it will show you your tunings rather than the default.

If you've done tunings, but want to see the defaults, then instead of exporting from "sig0" you would want to create a "sig1" (or use another name) to create a brand new signature configuration. And then export from that new configuration before making any tunings.

The other alternative is to use Security Center on cisco.com:

http://tools.cisco.com/security/center/search.x?type=i&order=

You can sort by any of the column headings, and use the fields at the top of the page for filtering.

The biggest limitation, however, is that it only shows you 10 signatures at a time, and I am not aware of a method to increase that count or allow you to export the results.

So I generally would recommend exporting from IDM and using the comma separated file for most of your rough filtering, sorting, and searching. And then going to Security Center on cisco.com when you need information about specific signatures and you can use the filters to get to those specific signature IDs.
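Added example, not part of the reply above and not Cisco code: once both the tuned "sig0" list and a fresh, untuned configuration have been exported as described, this script compares the two CSV files and lists every signature whose settings differ from the default. The column headers (`Sig ID`, `SubSig ID`, `Name`, `Enabled`, `Severity`, `Retired`) and the sample rows are assumptions constructed for illustration; match them to the header row of your own export.

```python
import csv
import io

# Assumed column headers; adjust to the header row of your own export.
KEY_COLS = ("Sig ID", "SubSig ID")
COMPARE_COLS = ("Enabled", "Severity", "Retired")

def load_export(fileobj):
    """Index an exported signature list by (Sig ID, SubSig ID)."""
    rows = {}
    for row in csv.DictReader(fileobj):
        key = tuple((row.get(c) or "").strip() for c in KEY_COLS)
        rows[key] = {c: (row.get(c) or "").strip()
                     for c in ("Name",) + COMPARE_COLS}
    return rows

def find_tunings(default_rows, current_rows):
    """Return (key, name, column, default value, current value) per difference."""
    changes = []
    for key, cur in sorted(current_rows.items()):
        base = default_rows.get(key)
        if base is None:
            # Present only in the tuned configuration, e.g. a custom signature.
            changes.append((key, cur["Name"], "<signature>", "absent", "present"))
            continue
        for col in COMPARE_COLS:
            if base[col] != cur[col]:
                changes.append((key, cur["Name"], col, base[col], cur[col]))
    return changes

# Constructed sample exports (not real signature data).
DEFAULT_CSV = """Sig ID,SubSig ID,Name,Enabled,Severity,Retired
1000,0,Constructed signature A,Yes,Low,No
1001,0,Constructed signature B,Yes,High,No
1002,1,Constructed signature C,No,Medium,No
"""
CURRENT_CSV = """Sig ID,SubSig ID,Name,Enabled,Severity,Retired
1000,0,Constructed signature A,Yes,Low,No
1001,0,Constructed signature B,Yes,Medium,No
1002,1,Constructed signature C,Yes,Medium,No
"""

if __name__ == "__main__":
    # For real files use open(path, newline="") instead of io.StringIO.
    defaults = load_export(io.StringIO(DEFAULT_CSV))
    current = load_export(io.StringIO(CURRENT_CSV))
    for (sig, sub), name, col, old, new in find_tunings(defaults, current):
        print(f"{sig}/{sub} {name}: {col} {old} -> {new}")
```

Severity downgrades and disabled signatures in the output are the entries worth reviewing first, since they reduce what the sensor alerts on.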

New Member

Re: Signature listing
