Probably something I've missed in the reading but...
View: CSPM managing 2 4230's and a 4210 sensor.
I have loaded the S16 and S17 patches. The policies have been pushed. Everything seems to be working fine. However, from the CSPM GUI if I select the +Signature Sensors and select the signature file for any of the sensors I cannot see the new "4507" signature listed. It shows SNMP series through 4505 and then goes onto the remainder. However, the new 5223 and 5224 signatures DO show... When I check the NSDB it IS listed there. So the HTML files for the NSDB are present. How can I tell if the update patches for the sensors actually built the signatures that S16 and S17 were supposed to - at least for the 4507 sig?
The action should be set to zero (no action) by default.
And the severity should be 5 (High) by default.
If you do not see this on an S17 sensor, then either the CSPM update file has a bug, or something
in your installation and deployment didn't work right.
As for looking in CSPM itself for the signature, be aware that the new signatures are not necessarily in numerical order. Quite often CSPM will simply add the new signatures to the bottom of the signature list.
I found the 4507 SigOfGeneral listed as you described. So then I started up the SigWizMenu - figured that I could set the actions there... No 4507 sig found. Hmmmm, (bear with me... I'm slow but steady) if the signature doesn't show in the CSPM and I can't find it using the SigWizMenu then how am I supposed to set the actions? Is not enabling new sigs the default?
I will be quite embarrased if I have been loading the sig updates for the last month and not been actually turning them "on".
Hold the presses! I found it in the CSPM Sig listing! Not only am I slow but apparently I am losing my eyesight as well. I swear I looked carefully through it several times last night!
Anyways, with that - all my questions on this issue are now answered.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :