Does anyone know if there is a file in IDS 4.0 where you can manually change the action for each signature ID? IDM can be a little tedious when you have 946 signatures to change. In version 3.1 packetd.conf had all the signature configurations in one file which could easily be modified by a text editor. Is there an equivalent file in IDS version 4.0?
Once you understand how to use the CLI to edit the configuration, it can sometimes be faster than IDM.
Once you become accustomed to the CLI you can even begin doing things faster by pasting in multiple commands.
So if you figure out the commands to change the config on one sensor, you can usually paste those commands into the CLI of the next sensor.
To enable signature 3550 you can copy and paste these commands (note all commands can be copied and pasted at once, you do not have to copy and paste each command by itself):
serv virtual virtualSensor
sig sig 993
sig sig 3050
NOTE: the "yes" in the above commands will answer yes to the question that comes up and asks if you want to save the configuration. If the previous commands did not change the configuration (the configuration was already that way) then the "yes" will simply create a CLI unknown command error that you can ignore.
NOTE2: If you notice there is the word OTHER before the signature line. This is needed to designate which engine the signature is in. You will need to know the engine of the signature you want to edit.
Another hint for you:
Many times you can use the output from "more current-config" to show you what CLI commands you will want to use.
Make one or two edits in IDM, then check "more current-config" to see which CLI commands corresponded.
Should have mentioned before; through the IDSMC you CAN enable multiple signatures and change their severity in one stroke.
In the list of signatures under configuration, check all the signatures that you need to, click the Edit button, then check the Enable box; you could also change the Severity for all of these selected signatures.
Once you become familiar with the CLI commands this becomes a fairly easy process, and is consistent with other Cisco network devices.
For users who like configuration files, it is a configuration file with the parameters in the form of CLI commands.
For really advanced users:
The sensor does support editing of the XML configuration file.
We have published the RDEP specification that documents how to connect and send control transactions to the sensor.
The IDIOM specification (which is still in review) will document the different control transactions possible on the sensor. One of these control transactions is to pull down the current XML configuration of sensorApp. You can then edit the XML file, and send the configuration back to sensorApp through another control transaction.
I don't usually recommend users do this because the XML can change slightly between versions. Also you miss out on the error checking that the CLI/IDM/IDSMC will do for you in validating your configuration changes.
But if you are a power user then you may want to talk with your Cisco rep and request a draft copy of the IDIOM specification, or wait until IDIOM is finalized and published on Cisco's web site.
NOTE: Access to RDEP and IDIOM specification will require you to sign some sort of license, not sure what that is or where they are located on CCO.
If you are an advanced user willing to put forth the extra effort to create your own RDEP client, then yes you can edit a single XML configuration file to make your changes.
Another possibility for you if you do want to edit the sensor's xml file: