Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Updating signatures in IDS policy Manager

From: "Jeff Dell" <jdell () activeworx com>
Date: Wed, 17 Dec 2003 07:40:54 -0500

1. Rules from within IDS Policy manager are retrieved from
www.activeworx.com/downloads. They are retrieved from here because they
are in .zip format. This is a limitation of the language that IDSPM is
programmed in that will not allow it to view tar.gz files. The latest
rules that are located at the above url are updated within a day of CVS
being updated. The files are not modified in any way, they are just
converted into .zip format. If you feel more comfortable with getting
the rules from www.snort.org, you can get them from here and then
untar/gz the files yourself and then merge the rules locally rather then
via web. 

IDS Policy Manager has it's own internal numbering system to perform
quick checks for new ruleset versions. There is a tiny file located at
the same url that contains the latest ruleset version in it. This file
increments every time there are actually new rules so you don't have to
download the entire ruleset and check each ruleset to see if anything
has changed. This file is separate from the rules file and is the only
thing unique to IDSPM. You can turn this off if you want to perform a
complete check every time.

2. The virus ruleset is not currently being updated.


On a side note... I am excited to say IDS Policy Manager is 3 years old
today!

Cheers!
Jeff



-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of
Michael.Mulholland () dfpni gov uk
Sent: Wednesday, December 17, 2003 6:01 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Updating signatures in IDS policy Manager


Folks,

I'm looking some advice on the IDS Policy Manager.

We've been running snort for about 2 weeks now and when i open the
policy
manager to check for updates i have only had 2

I'm currently on ruleset version 74, i've checked for manual updates by
right clicking and looking for updates and it appears to check ok

I've 2 queries

1. Am i uptodate with my ruleset version?

2. In the virus ruleset there is a comment telling me that this ruleset
is
being actively updated - is this correct?
    If so, how do i get my ruleset for viruses updated

Any replies/comments greatly appreciated

michael mulholland







-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for
IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys
admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: