I know this has been posted before in several different posts, but can someone please re-post what needs to be re-tuned (what tunes are overwritten) with a sig update? Previous disables, enables, individual sig parameter changes, filters, etc? Do filters have to be re-applied?
During all signature updates for 4.x sensors the user should not have to re-tune any of the signatures.
Any configuration modifications made by the user will be maintained through the update.
If you are seeing configurations that are not being maintained through a signature update then please notify the TAC as a bug may need to be created.
During a signature update the DEFAULT severity and enable settings (as well as a few other signature parameters) may change. These changes to the DEFAULTS are typically listed in the readme for the signature update.
If you don't like the new DEFAULT setting, then you may choose to tune the signature and put the parameter back to the old setting.
One ofthe 4.x signature updates when set the DEFAULT setting for several older signature to disabled. If you wanted these older signatures then you will need to tune them at set them to enabled. Once you have manually enabled them then they will stay enabled for future signature updates.
Now the major version upgrade from 3.x to 4.x isn't as simple.
The sensor upgrade from 3.x to 4.x will reformat the hard drive and all configuration will need to be redone.
If you were using IDS MC then the IDS MC can help to convert some but not all of the 3.x configuration to 4.x. I am not sure what from the 3.x configuration was not able to be converted to 4.x configuration using the IDS MC.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...