
Signature List

kim.kehrlein
Level 1

I am trying to find a complete and current listing of signatures and their corresponding numbers. Does anyone know where I can find one?

TIA

5 Replies

marcabal
Cisco Employee

If you have loaded the latest signature update on an appliance sensor then the list can be found in the file /usr/nr/etc/signatures and also in /usr/nr/etc/wgc/templates/signatures.

They can be found in the same files on a Unix Director that has been upgraded with the latest signature update. They are also available on the Unix Director by pointing your web browser to the /usr/nr/html/all_sigs_index.html file, or by opening the /usr/nr/html/all_sigs_index.txt file with a text editor.

They can also be found on a CSPM box that has been upgraded with the latest signature update. Point your web browser to the \Report\nsdb\all_sigs_index.html or open the all_sigs_index.txt file in the same directory with WordPad.

If you don't have access to the CSPM box, Unix Director, or Sensor then you can download the CSPM signature update and unzip it with WinZip. It also contains the all_sigs_index.html and all_sigs_index.txt files. You can just unzip it and place it on your own desktop machine for quick and easy access to the NSDB.

The Signature Updates for all the mentioned products are available at:

http://www.cisco.com/kobayashi/sw-center/ciscosecure/ids.shtml

To marcabal: I'm going to give you a big 'No, they are not'.

My Solaris stuff is current on Sensor and Director up through S9, and there are signatures that alert for us that are NOT in the NSDB.

I am loading S10, so hopefully that will be corrected.

I think maybe what the original poster was asking is something I have wanted for a while - a spot outside the IDS that I can research from my desk. My IDS setup is locked in a cold room (literally) and I would love to have just the NSDB available somewhere where I could access it from, say, home.

I do not know if the NSDB is available on the Cisco site somewhere but I haven't found it if it is.

Well... yes, actually it IS there... however it's in the /usr/nr/etc/html/ folder.

Also, as root on the Director, check /usr/ciscosec/nsdb/html/

Cisco CCO also offers a Cisco Secure Encyclopedia site which can be useful to reference as well.

Places to look:

Unix Director: /usr/nr/html/all_sigs_index.html /usr/nr/etc/signatures

Sensor: /usr/nr/etc/signatures

CSPM: all_sigs_index.html in the directory where the NSDB is placed.

For use at your personal desktop, you could also download the CSPM update and unzip it into a folder on your hard drive. It is a zip file of the NSDB and a few CSPM files which you can ignore.

If a signature is missing from the NSDB index page then you have found a bug. The signatures file and all_sigs_index.html should have the same current list of signatures. If you find one missing then please let us know so that we can create a DDTS Issue to fix the problem.

We have run into this problem also. I can think of at least two signatures that have been triggered, but have no NSDB entry: 5121 and 3453.
