When a signature is created under SigWizMenu there is a general description of the Sig in SigUser. I often find it useful on alerts to see what the signature is looking for. I usually read the NSDB descriptions and augment that by using the SigWiz menu to look at the parameters (even though not all sigs are in there).
Would it be possible to have a flat file that contained the parameters for each sig (similar to SigUser) to use to assist in alarm validation?
The reason that you can't do this currently is that some of our signatures are still based on the old binary format. It is impossible to display anything about them and they cannot be modified externally. We are working on transitioning all signatures to the engine style of implementation so you will soon be able to see all of the signatures in this format. We are also considering (leaning heavily towards it) unprotecting all fields for read only. This way users would be able to see exactly what the signature specifics are, but they would not be able to modify them. Expect to see these changes in the 4.0 code base, which is currently under development. There is no release schedule for this train as yet.
Would it be possible to also have a tool/utility that enables us to extract the specifics of all or multiple signatures at a time, without having to drill down to each individual one? It would also help us to keep track of changes to any signatures/parameters. Thanks.
I'm not certain that I understand this request. Are you asking for a tool that will present you a list of signature parameter strings in a single output rather than having to look at a signature one at a time in the SigWizMenu?
And are you referring to custom signatures or embedded signatures?
You mentioned previously that you plan to unprotect all fields for read only... but users will not be able to modify them. If we can still change the values of unprotected parameters, then I would prefer to have this tool available on the director. If we cannot make any changes, then on the sensor is good enough. Thanks.