IDS mailing list archives
Editing ISS RealSecure Network Sensor policy from commandline
From: Jim <gunmetalx () gmail com>
Date: Wed, 20 Jul 2005 17:17:00 +0000 (UTC)
Is there any way to edit the Network Sensor (version 7) policy with a text editor, and reliably apply this policy? I work for a fairly large MSP and some of our customers require event filters to be added in large numbers. Adding these one-at-a-time in the Policy Editor is VERY painful. For example, one customer yesterday requested that 10 source IPs ignore 9 signatures when talking to 2 destination IPs. I would go insane if I had to add 180 individual entries by hand. I found the "current.policy" file on the sensor itself, but it seems that changes to this file are not visible in the console's Policy Editor. For example, if I edit one of the filters in current.policy and then "Edit Current Policy" from the Site Protector console, the changes are not there. This is the case no matter whether I stop the sensor/daemon from the OS shell or using Stop/Start in Site Protector. Please let me know if there's any way to do this! I've scoured Google for about 2 days now, and a couple other employees here have asked ISS for help with this and have gotten nowhere. Thanks very much. ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Editing ISS RealSecure Network Sensor policy from commandline Jim (Jul 20)
- Re: Editing ISS RealSecure Network Sensor policy from commandline Jonathan Glass (GMail) (Jul 21)
- Re: Editing ISS RealSecure Network Sensor policy from commandline ismail syed (Jul 21)
- <Possible follow-ups>
- RE: Editing ISS RealSecure Network Sensor policy from commandline Palmer, Paul (ISSAtlanta) (Jul 21)
- RE: Editing ISS RealSecure Network Sensor policy from commandline Sekurity Wizard (Jul 22)