
S17 Updates don't show in signature list..?

hschupp
Level 1

Probably something I've missed in the reading but...

View: CSPM managing 2 4230's and a 4210 sensor.

I have loaded the S16 and S17 patches. The policies have been pushed. Everything seems to be working fine. However, from the CSPM GUI if I select the +Signature Sensors and select the signature file for any of the sensors I cannot see the new "4507" signature listed. It shows SNMP series through 4505 and then goes onto the remainder. However, the new 5223 and 5224 signatures DO show... When I check the NSDB it IS listed there. So the HTML files for the NSDB are present. How can I tell if the update patches for the sensors actually built the signatures that S16 and S17 were supposed to - at least for the 4507 sig?

Henry Schupp

3 Replies

marcabal
Cisco Employee

Only S17 sensors will have the new signature.

You can

1) telnet to the sensor as user netrangr

2) cd /usr/nr/etc

3) grep 4507 packetd.conf

If you see a line that starts with:

SigOfGeneral 4507 0 5 5 5 5 .....

then you have the new signature

The action should be set to zero (no action) by default.

And the severity should be 5 (High) by default.

If you do not see this on an S17 sensor, then either the CSPM update file has a bug, or something in your installation and deployment didn't work right.

As for looking in CSPM itself for the signature, be aware that the new signatures are not necessarily in numerical order. Quite often CSPM will simply add the new signatures to the bottom of the signature list.

marco
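
The check described in the reply above, scripted for several signature IDs at once; this is an added example, not part of the original thread or any Cisco tooling. It matches the ID as a whole field rather than with a bare `grep`, so 4507 does not also match a longer number. Assumptions: the third field is the action and the fourth the severity (inferred from the quoted line and the stated defaults), signature lines start with a `SigOf` token, and the names `check_sigs` and `sample_conf` and the sample lines are constructed for illustration.

```shell
# Constructed sample of packetd.conf signature lines (not from a real sensor).
sample_conf() {
    cat <<'EOF'
SigOfGeneral 4505 0 5 5 5 5
SigOfGeneral 4507 0 5 5 5 5
SigOfGeneral 14507 0 3 3 3 3
SigOfGeneral 5223 1 5 5 5 5
EOF
}

# check_sigs CONF ID...
# Prints one status line per ID and returns 1 if any ID is absent.
check_sigs() {
    conf=$1; shift
    rc=0
    for id in "$@"; do
        # Compare against the second field only, so a search for 4507 or 507
        # cannot be satisfied by 14507 or by a number in another column.
        out=$(awk -v id="$id" '
            $1 ~ /^SigOf/ && $2 == id {
                # Defaults quoted in the reply: action 0, severity 5 (assumed columns).
                dflt = ($3 == 0 && $4 == 5) ? "yes" : "no"
                printf "%s present action=%s severity=%s defaults=%s\n", id, $3, $4, dflt
                found = 1
                exit
            }
            END { if (!found) exit 1 }' "$conf") || { echo "$id MISSING"; rc=1; continue; }
        echo "$out"
    done
    return "$rc"
}

# Demo against the constructed sample; on a sensor, pass /usr/nr/etc/packetd.conf.
tmp=$(mktemp)
sample_conf > "$tmp"
check_sigs "$tmp" 4507 5223 507 || echo "at least one signature is missing"
rm -f "$tmp"
```
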

Thanks... Great!

I found the 4507 SigOfGeneral listed as you described. So then I started up the SigWizMenu - figured that I could set the actions there... No 4507 sig found. Hmmmm, (bear with me... I'm slow but steady) if the signature doesn't show in the CSPM and I can't find it using the SigWizMenu then how am I supposed to set the actions? Is not enabling new sigs the default?

I will be quite embarrassed if I have been loading the sig updates for the last month and not been actually turning them "on".

Hold the presses! I found it in the CSPM Sig listing! Not only am I slow but apparently I am losing my eyesight as well. I swear I looked carefully through it several times last night!

Anyways, with that - all my questions on this issue are now answered.

Thanks for your generous assistance!

Henry "Slug" Schupp