Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Signature name field contains the “sig_id” as an event description

After an update to 3.1 (5) s62, the IDSMC reports the numeric value of the sig_ID in the “sig name” field of security monitor 1.1 for some of the newly updated signatures. I have seen this for the signatures id’s 11018, 11019, 11023 and 3130

“Sig name” field contains:

“11018” instead of “eDonkey Activity”

“3130” instead of “Mimail Virus I Variant File Attachment”

etc….

is there a way to correct this?

3 REPLIES

Re: Signature name field contains the “sig_id” as an event des

Hi,

Possibly a stupid question but did you update VMS with the 3.1(5)S62 update?

Scott

Community Member

Re: Signature name field contains the “sig_id” as an event des

I followed my normal procedure to update the signatures via the IDSMC. Download the .zip file to the %installed program%/updates directory. From IDSMC, I select > management center >ids sensors> configuration > updates. I apply the signature update to the sensors.

Is there some screen that I have missed?

Re: Signature name field contains the “sig_id” as an event des

Nope, looks like you followed the proper procedures. I just wanted to make sure you had not applied the update manually to the sensor. If you don't mind, go ahead and apply the S62 update again via IDS MC. You should not even be prompted to update the sensors this time, just the MC itself. Let me know what you find and I will see what I can dig up.

Scott

83
Views
0
Helpful
3
Replies
CreatePlease to create content