Snort mailing list archives
RE: Updating signatures in IDS policy Manager
From: "Jeff Dell" <jdell () activeworx com>
Date: Wed, 17 Dec 2003 07:40:54 -0500
1. Rules from within IDS Policy Manager are retrieved from www.activeworx.com/downloads. They are retrieved from here because they are in .zip format. This is a limitation of the language that IDSPM is programmed in that will not allow it to view tar.gz files. The latest rules that are located at the above URL are updated within a day of CVS being updated. The files are not modified in any way; they are just converted into .zip format. If you feel more comfortable with getting the rules from www.snort.org, you can get them from here and then untar/gz the files yourself and then merge the rules locally rather than via web.

IDS Policy Manager has its own internal numbering system to perform quick checks for new ruleset versions. There is a tiny file located at the same URL that contains the latest ruleset version in it. This file increments every time there are actually new rules so you don't have to download the entire ruleset and check each ruleset to see if anything has changed. This file is separate from the rules file and is the only thing unique to IDSPM. You can turn this off if you want to perform a complete check every time.

2. The virus ruleset is not currently being updated.

On a side note... I am excited to say IDS Policy Manager is 3 years old today!

Cheers!
Jeff

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Michael.Mulholland () dfpni gov uk
Sent: Wednesday, December 17, 2003 6:01 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Updating signatures in IDS policy Manager

Folks,

I'm looking some advice on the IDS Policy Manager. We've been running snort for about 2 weeks now and when I open the policy manager to check for updates I have only had 2.

I'm currently on ruleset version 74. I've checked for manual updates by right clicking and looking for updates and it appears to check ok.

I've 2 queries:

1. Am I up to date with my ruleset version?
2. In the virus ruleset there is a comment telling me that this ruleset is being actively updated - is this correct? If so, how do I get my ruleset for viruses updated?

Any replies/comments greatly appreciated

michael mulholland

-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
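The reply above says the .zip rules are the upstream files repackaged without modification. One way to check that for a given download, as an added example that is not part of the original thread or of IDS Policy Manager: hash every file in both archives and compare. All function names and the sample rule are constructed, and files are matched by basename, which is an assumption about how the two archives are laid out.

```python
import hashlib
import io
import tarfile
import zipfile
from pathlib import PurePosixPath

def _sha256(data):
    return hashlib.sha256(data).hexdigest()

def zip_hashes(blob):
    """Basename -> SHA-256 of every regular file in a .zip (read in memory)."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return {PurePosixPath(i.filename).name: _sha256(zf.read(i))
                for i in zf.infolist() if not i.is_dir()}

def targz_hashes(blob):
    """Same mapping for a .tar.gz; members are never extracted to disk."""
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tf:
        return {PurePosixPath(m.name).name: _sha256(tf.extractfile(m).read())
                for m in tf.getmembers() if m.isfile()}

def compare(zip_blob, targz_blob):
    """Differences between the repackaged .zip and the upstream .tar.gz."""
    z, t = zip_hashes(zip_blob), targz_hashes(targz_blob)
    return {"only_in_zip": sorted(z.keys() - t.keys()),
            "only_in_targz": sorted(t.keys() - z.keys()),
            "changed": sorted(n for n in z.keys() & t.keys() if z[n] != t[n])}

# The two builders below only create constructed sample archives for the demo.
def make_zip(files):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

def make_targz(files):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

if __name__ == "__main__":
    rule = b'alert tcp any any -> any 80 (msg:"constructed sample"; sid:1000001; rev:1;)\n'
    upstream = make_targz({"rules/web.rules": rule})
    mirror = make_zip({"web.rules": rule.replace(b"\n", b"\r\n")})  # line endings altered
    print(compare(mirror, upstream))
```

A byte-for-byte comparison also reports files whose only difference is line-ending conversion, so a `changed` entry needs a diff before it is treated as tampering.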
Current thread:
- Updating signatures in IDS policy Manager Michael . Mulholland (Dec 17)
- RE: Updating signatures in IDS policy Manager Jeff Dell (Dec 17)