IDS 4.0 signature config file

jtyson
Level 1

Does anyone know if there is a file in IDS 4.0 where you can manually change the action for each signature ID? IDM can be a little tedious when you have 946 signatures to change. In version 3.1 packetd.conf had all the signature configurations in one file which could easily be modified by a text editor. Is there an equivalent file in IDS version 4.0?

Thanks,

Joel

6 Replies

ywadhavk
Cisco Employee

Hi Joel,

4.0 is totally different from the 3.x. There is no concept of the conf files as in 3.x.

The configuration files are now all xml files which should not be tampered with.

What issue are you facing doing it via IDM or the IDS MC, if you have that?

Thanks,

yatin

Additionally you could try using the CLI.

Once you understand how to use the CLI to edit the configuration, it can sometimes be faster than IDM.

Once you become accustomed to the CLI you can even begin doing things faster by pasting in multiple commands.

So if you figure out the commands to change the config on one sensor, you can usually paste those commands into the CLI of the next sensor.

For example:

To enable signature 3550 you can copy and paste these commands (note all commands can be copied and pasted at once, you do not have to copy and paste each command by itself):

conf t
serv virtual virtualSensor
tune
OTHER
sig sig 993
sig sig 3050
enabled true
exit
exit
exit
yes
exit
exit

NOTE: the "yes" in the above commands will answer yes to the question that comes up and asks if you want to save the configuration. If the previous commands did not change the configuration (the configuration was already that way) then the "yes" will simply create a CLI unknown command error that you can ignore.

NOTE2: If you notice there is the word OTHER before the signature line. This is needed to designate which engine the signature is in. You will need to know the engine of the signature you want to edit.

Another hint for you:

Many times you can use the output from "more current-config" to show you what CLI commands you will want to use.

Make one or two edits in IDM, then check "more current-config" to see which CLI commands corresponded.

Thanks for the useful info. Copying and pasting the config into multiple sensors will greatly mitigate the task of configuring the signatures.

Thanks,

Joel

This entire process seems quite a bit tedious just to enable one signature...

I enjoy the CLI look since I am familiar with it... but come on, to enable signatures in this fashion is so crazy... I would prefer a 'conf' file myself...

At least then I only have to edit one file and make tons of changes, instead of tons of commands just to change one signature... but that is me.

Joel / Thomas,

Should have mentioned before; through the IDS MC you CAN enable multiple signatures and change their severity in one stroke.

In the list of signatures under configuration, check all the signatures that you need to, click the Edit button, then check the Enable box; you could also change the Severity for all of these selected signatures.

Thanks,

yatin

Side Note for advanced users.

Use the copy command to copy the current-config to your own ftp or scp server.

"copy current-config scp://me@mymachine/myconfig"

Edit the file using any text editor to put in the commands for the config changes you want.

"vi myconfig"

Use the copy command to copy your edited configuration in as the current-config.

"copy scp://me@mymachine/myconfig current-config"

or

"copy /erase scp://me@mymachine/myconfig current-config"

Once you become familiar with the CLI commands this becomes a fairly easy process, and is consistent with other Cisco network devices.

For users who like configuration files, it is a configuration file with the parameters in the form of CLI commands.

For really advanced users:

The sensor does support editing of the XML configuration file.

We have published the RDEP specification that documents how to connect and send control transactions to the sensor.

The IDIOM specification (which is still in review) will document the different control transactions possible on the sensor. One of these control transactions is to pull down the current XML configuration of sensorApp. You can then edit the XML file, and send the configuration back to sensorApp through another control transaction.

I don't usually recommend users do this because the XML can change slightly between versions. Also you miss out on the error checking that the CLI/IDM/IDSMC will do for you in validating your configuration changes.

But if you are a power user then you may want to talk with your Cisco rep and request a draft copy of the IDIOM specification, or wait until IDIOM is finalized and published on Cisco's web site.

NOTE: Access to RDEP and IDIOM specification will require you to sign some sort of license, not sure what that is or where they are located on CCO.

If you are an advanced user willing to put forth the extra effort to create your own RDEP client, then yes, you can edit a single XML configuration file to make your changes.

Another possibility for you if you do want to edit the sensor's xml file:
