
Automating IPS signature downloads

gdntsoc
Level 1

Greetings all.

I'm looking for a scripted way to automate downloads of 4.x/5.x signature updates from the Cisco.com site using my CCO login/pass. For example, a Perl or shell script possibly hooked into wget (or other?), all running regularly via cron. Does anyone have experience with this?

I have scripted ways to install signature updates via the CLI, just trying to automate the initial download part. Thanks for any assistance.

4 Replies

thomas.chen
Level 6

The Cisco IPS Sensor software v5 helps users stop more threats with greater confidence through the use of the following elements:

Accurate inline prevention technologies - Provides unparalleled confidence to take preventive action on a broader range of threats without the risk of dropping legitimate traffic. These unique technologies offer intelligent, automated, contextual analysis of your data and help ensure you are getting the most out of your intrusion prevention solution.

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_data_sheet0900aecd801e6a45.html

mhellman
Level 7

Your first obstacle will be coming up with a solution to determine the correct URL to use. For example, the latest is:

http://ftp-sj.cisco.com/cisco/ciscosecure/ips/5.x/sigup/IPS-sig-S208-minreq-5.0-1.pkg

You could fetch http://www.cisco.com/cgi-bin/tablebuild.pl/ips5-sigup?sort=filename

and parse out the most recent sig URL from the HTML. Another alternative would be to have the Cisco "new sig" email notifications go to a process account. Then, parse that email (I believe text formats are supported) for the URL.

A simple wget with your CCO credentials will work once you have come up with the URL.

It's likely to be brittle since it depends on Cisco for a lot (timely emails, good dates in the HTML returned, etc). IMHO, it's a Very Bad Idea...but should be technically possible.
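
The listing-parsing step described in the reply above, as an added example that is not part of the original thread. It assumes the listing page carries absolute `href` links, that packages are only served from the host seen in the example URL, and that filenames follow the `IPS-sig-S208-minreq-5.0-1.pkg` pattern; the sample HTML and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: packages only come from the host in the thread's example URL.
# Anything else is dropped so CCO credentials are never sent to an unexpected host.
ALLOWED_HOSTS = {"ftp-sj.cisco.com"}

# Filename pattern inferred from the thread's example: IPS-sig-S208-minreq-5.0-1.pkg
SIG_RE = re.compile(r"/IPS-sig-S(\d+)-minreq-(\d+\.\d+)-(\d+)\.pkg$")
HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)

# Constructed sample listing (not real page output).
SAMPLE_HTML = """
<a href="http://www.cisco.com/cgi-bin/tablebuild.pl/ips5-sigup?sort=filename">sort</a>
<a href="http://ftp-sj.cisco.com/cisco/ciscosecure/ips/5.x/sigup/IPS-sig-S99-minreq-5.0-1.pkg">S99</a>
<a href="http://ftp-sj.cisco.com/cisco/ciscosecure/ips/5.x/sigup/IPS-sig-S207-minreq-5.0-1.pkg">S207</a>
<a href="http://ftp-sj.cisco.com/cisco/ciscosecure/ips/5.x/sigup/IPS-sig-S208-minreq-5.0-1.pkg">S208</a>
<a href="http://downloads.example.net/sigup/IPS-sig-S999-minreq-5.0-1.pkg">S999</a>
"""

def parse_sig_links(html):
    """Return [(sig_level, min_required_version, url)] for trusted package links."""
    found = []
    for url in HREF_RE.findall(html):
        parts = urlsplit(url)
        match = SIG_RE.search(parts.path)
        if not match:
            continue  # not a signature package link
        if parts.scheme not in ("http", "https") or parts.hostname not in ALLOWED_HOSTS:
            continue  # right filename, wrong host: do not fetch it
        found.append((int(match.group(1)), match.group(2), url))
    return found

def newest_sig(html, installed_level):
    """Return the newest (level, minreq, url) above installed_level, or None."""
    newer = [c for c in parse_sig_links(html) if c[0] > installed_level]
    # Compare the S-number as an integer; a string sort would rank S99 above S208.
    return max(newer, key=lambda c: c[0], default=None)

if __name__ == "__main__":
    hit = newest_sig(SAMPLE_HTML, installed_level=207)
    print(hit[2] if hit else "no newer signature package")
```

The returned URL is what the cron job would hand to wget; a `None` result means nothing newer than the installed level was listed, so no download is attempted.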

gabelar
Level 1

I can't really help you with the scripting, but if you're running five attacks and the latest VMS, rumor has it this feature is available. Options below:

IPS MC polls CCO for updates. The user has 3 choices in IPS MC 2.2 when dealing with signature updates.

1) Check only - This allows the IPS MC to check for new updates and notify the user

2) Check and download - This checks for new updates and downloads them to the IPS MC

3) Check, download, auto-update - This checks for new updates, downloads and automatically pushes them out to sensors.

All

Greg is correct.

IPS MC 2.2 was released 16 December with fully automatic updates.

Enabling Automatic Updates

1) Check for sigupdates and notify the user

2) Check and download sigupdates and notify the user

3) Check, download, and automatically push the updates to the device.

You can select which sensor you want automatically updated

1) Disable

2) Enable Sigupdates only

3) Enable Sigupdates, patches, service pack, and minor version updates.
