Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1614
Views
4
Helpful
4
Replies

where can I find IDS signature list?

zhichao
Level 1
Level 1

‎11-18-2005 05:16 AM - edited ‎03-10-2019 01:45 AM

Hi

Where can I find the full signature list in IDS 4215 and their enable/disable status?

I tried http://www.cisco.com/cgi-bin/front.x/ipsalerts/idsAllList.pl?CUR_PAGE=2

But I cant send the info to the customer since it requires login and it does not show whether the signature is enabled by default.

Thanks

Labels:
0 Helpful
4 Replies 4

wsulym
Cisco Employee
Cisco Employee

‎11-18-2005 06:58 AM

If you have a version 5.x sensor, launching IDM and finding your way to the signature configuration portion will show you a list of all the signatures on the box and their enabled/disabled retired/unretired status - you can also sort by any of the displayed criteria by clicking on the column.

*or* You can visit MySDN (the new home for signatures and security intelligence) here:

http://tools.cisco.com/MySDN/Intelligence/home.x

click 'search'

click signature reports'

and see a listing of signatures and detail.

->this requires a valid CCO account

*or* If you're running VMS/IDSMC, you can yank out the nsdb from the MC update files for a webified version of the signatures.

You may be able to view the MySDN information with a CCO "guest" account - I think, not positive.

zhichao
Level 1
Level 1
In response to wsulym

‎11-18-2005 04:56 PM

Thanks for the info. they are useful for me.

However, for this case, the customer (without CCO account) has not bought IDS yet, so they got no VMS/IDSMC.

They want us to submit a docu showing what are the signature on the IDS. They will make buying decision then.

It seems the only way to show signature is to either have a IDS or have a valid CCO account. We need a offline ready docu to show them. :(

0 Helpful

marcabal
Cisco Employee
Cisco Employee
In response to zhichao

‎11-21-2005 09:33 AM

The zip file for the IPS MC Signature Update contains a tar file of the NSDB.

If you have a CCO account you can download the latest IPS MC Signature update (for either V5 or V4 sensors):

http://www.cisco.com/cgi-bin/tablebuild.pl/mgmt-ctr-ids

Then unzip the file using winzip.

You will see a nsdb.tar file.

This nsdb.tar file can then be sent to your customer.

Your customer can then use winzip to untar the file.

It contains the html pages for the NSDB used in IPS MC and contains the same information (in a different format) to what is contained on CCO.

NOTE:

This method will work for now. But I am not sure if the NSDB will continue to be included in the IPS MC Signature Updates in future versions.

0 Helpful

zhichao
Level 1
Level 1
In response to marcabal

‎11-21-2005 06:04 PM

this is exactly what I did. :)

But it does not show whether the signature is enabled by default. :(

I guess this is the only way at this moment now.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card