[Snort-users] Updating signatures in IDS policy Manager

Jeff Dell jdell at ...1095...
Wed Dec 17 04:42:01 EST 2003


1. Rules from within IDS Policy manager are retrieved from
www.activeworx.com/downloads. They are retrieved from here because they
are in .zip format. This is a limitation of the language that IDSPM is
programmed in that will not allow it to view tar.gz files. The latest
rules that are located at the above url are updated within a day of CVS
being updated. The files are not modified in any way, they are just
converted into .zip format. If you feel more comfortable with getting
the rules from www.snort.org, you can get them from here and then
untar/gz the files yourself and then merge the rules locally rather than
via web. 

IDS Policy Manager has its own internal numbering system to perform
quick checks for new ruleset versions. There is a tiny file located at
the same url that contains the latest ruleset version in it. This file
increments every time there are actually new rules so you don't have to
download the entire ruleset and check each ruleset to see if anything
has changed. This file is separate from the rules file and is the only
thing unique to IDSPM. You can turn this off if you want to perform a
complete check every time.

2. The virus ruleset is not currently being updated.


On a side note... I am excited to say IDS Policy Manager is 3 years old
today!

Cheers!
Jeff



-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of
Michael.Mulholland at ...9481...
Sent: Wednesday, December 17, 2003 6:01 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Updating signatures in IDS policy Manager


Folks,

I'm looking some advice on the IDS Policy Manager.

We've been running snort for about 2 weeks now and when I open the policy
manager to check for updates I have only had 2

I'm currently on ruleset version 74, I've checked for manual updates by
right clicking and looking for updates and it appears to check ok

I've 2 queries

1. Am I up to date with my ruleset version?

2. In the virus ruleset there is a comment telling me that this ruleset is
being actively updated - is this correct?
    If so, how do I get my ruleset for viruses updated

Any replies/comments greatly appreciated

michael mulholland
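
The reply at the top of this thread says the .zip rule sets are the www.snort.org files converted without modification. One way to check that locally before merging, as an added example that is not part of the original thread or of IDS Policy Manager: hash every file in both archives and report any difference. The archive contents and rule text below are constructed samples.

```python
import hashlib
import io
import tarfile
import zipfile


def _base(path):
    # Compare by file name only; the two archives may use different directory prefixes.
    return path.rsplit("/", 1)[-1]


def zip_digests(data):
    """SHA-256 of every file in a .zip, keyed by base name."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {_base(i.filename): hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}


def targz_digests(data):
    """SHA-256 of every regular file in a .tar.gz, keyed by base name."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tf:
        return {_base(m.name): hashlib.sha256(tf.extractfile(m).read()).hexdigest()
                for m in tf if m.isfile()}


def compare(zip_bytes, targz_bytes):
    """Report files whose bytes differ or that exist in only one archive."""
    z, t = zip_digests(zip_bytes), targz_digests(targz_bytes)
    return {"changed": sorted(n for n in z.keys() & t.keys() if z[n] != t[n]),
            "only_in_zip": sorted(z.keys() - t.keys()),
            "only_in_targz": sorted(t.keys() - z.keys())}


def make_zip(files):  # helper that builds a constructed sample archive in memory
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


def make_targz(files):  # helper that builds a constructed sample archive in memory
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tf.addfile(info, io.BytesIO(content))
    return buf.getvalue()


RULE = b'alert tcp any any -> any 80 (msg:"constructed sample"; sid:1000001;)\n'
UPSTREAM = {"rules/web-iis.rules": RULE, "rules/virus.rules": RULE}
REPACKED = {"web-iis.rules": RULE, "virus.rules": RULE + b"# edited\n", "local.rules": RULE}
```

The comparison is byte-exact, so a repack that only converts line endings will also show up under `changed`.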






