Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
286
Views
0
Helpful
5
Replies

Automatic SP SIG Updates on IDS

teperjesi
Level 1
Level 1

‎10-19-2003 06:34 AM - edited ‎03-09-2019 05:12 AM

Can I configure Sensors (not IDSM) to look after updates on a FTP site frequently and install if it presents?

Should I really delete and add the Sensor in IDS MC, when I upgrade the Sensor not with the IDS MC.

Labels:
0 Helpful
5 Replies 5

tohuang
Level 1
Level 1

‎10-19-2003 09:20 PM

Hi,

I don't think your first question can be done.

You don'treally need to delete and add the sensor everytime you upgrade the sensor signature. If you upgrade the signature for IDSMC as well, you should be able to get the right information when you do query the sensor.

Thanks

Tony

0 Helpful

teperjesi
Level 1
Level 1
In response to tohuang

‎10-19-2003 11:51 PM

Thanks Tony!

It means, that I have to upgrade/update my Sensors manually every time? I know, the IDSM is able to upgrade itself automaticaly. Isn't this feature in the 4.x IDS software there? It would be very important.

0 Helpful

marcabal
Cisco Employee
Cisco Employee
In response to teperjesi

‎10-20-2003 09:20 AM

The IDS MC documentation has the following Notes:

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/mgt_ids/idsmc12/ug/ch05.htm#1977

NOTE: We strongly discourage updating sensor software versions and signature release levels in a direct session to an individual sensor if you manage that sensor with the IDS MC. You should instead use this procedure of performing updates through the IDS MC. If you have changed the configuration of a sensor, or updated a sensor, outside of the IDS MC, we recommend that you delete that sensor from your configuration and then add it to your configuration.

NOTE: Updating sensor software in a direct session to an individual sensor instead of by performing an update through the IDS MC will result in the rejection of the SSH fingerprint for that sensor. This is because the IDS MC is not involved in a session to an individual sensor.

With that said, if you decide to implement the auto update then I think you can do the following.

NOTE: I have not tried this myself so I am just theorizing.

1) Download the IDS MC update.

2) Install the IDS MC update on the IDS MC, this is so IDS MC has it's own conf files updated.

3) Download the IDS sensor update and put on your FTP server.

4) Wait for the sensor to automatically update itself.

5) Go to IDS MC and in the Identification screen for the sensor there is a Query button. This will cause the IDS MC to query the sensor for it's current version (the same version must already have been updated on IDS MC itself in step 2 above).

6) If the query fails you may need to re-establish the SSH keys as statd in the notes from the IDS MC guide above.

0 Helpful

teperjesi
Level 1
Level 1
In response to marcabal

‎10-22-2003 12:10 AM

Thanks! I figured out the same solution. May be, it will work.

Is there any plan to insert the auto update function in the IDS MC in the future? It is strange, the IDM know this feature and the big brother IDS MC doesn't.

0 Helpful

marcabal
Cisco Employee
Cisco Employee
In response to teperjesi

‎10-22-2003 08:14 AM

I have heard different scenarios being considered but have not heard if any will be implemented.

I would suggest contacting the TAC and asking them to enter an enhancement request against IDS MC for the auto upgrade feature.

The more users requesting a particular enhancement the more likely it will be implemented in a future version.

0 Helpful
Customers Also Viewed These Support Documents