After updating to IDSM 3.0(3)S10 and CSPM-2.3.3i-S13, I notice that my general signatures for the IDSM under Tools and Services do not update to reflect any additional new signatures. This prevents me from editing the properties of the new signatures. Am I missing somthing here or do I have to remove and add the sensor again to capture them?
I haven't seen this problem before, but I will have one of our engineers see if he can reproduce it in our lab.
What you may be seeing, however, is a signature number sorting issue. When new signatures are added, CSPM will seomtimes place them at the bottom of the list instead of placing them in the list sorted by signature id. So you may want to check near the bottom of the list for the new signatures.
I have seen this once before on one probe, but I can't tell you why. I say that just to say it may have to do with some other part of the upgrade, and not necessarily the (3) upgrade.
I have 6 sensors, and there is one update's worth of signatures missing from one sensor. I discovered it when trying to tune the signatures one day. Since I have other issues more pressing with my IDS probes, I simply swapped which sensor was deployed where and added a "rebuild sensor" item on my to-do list.
So I would be interested in knowing what you find out - it may save me a rebuild later. :-) But I'd have you lab guys try something possibly with the sensor busy with another daemon doing something during update rather than something specific to this new update.
Can you provide a bit more detail? Which screen do you access Tools->Services from? I could not find it. What additional signatures are you expecting to see? You should be able to see and modify up to S10 signatures, are you able to see S10 signatures? You'll be able to see S11-S13 signatures on IDSM when the next Signature Update is released (end of this month). I hope this helps, if not send me the steps and I'll test your situation in the dev-test lab.
Under the CSPM Tools and Services, there is a drop down for Sensor Signatures defaults. What I think is happening, is when I update the CSPM signatures, I don't see the new ones being added to the current general signature lists. For example, the 8000 series signatures ID's with S10 are not showing up in the CSPM signature files. Also I noticed that under the General tab, view properties, there is an option to "view only signatures applicable to sensors with software verions". I can select it, but not retain or view the signatures, it just defaults back to "all signatures within this template" when I select OK, save and update.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...