I logged into the FireSIGHT and clicked on Policies tab -> Access Control tab , it shows
"Access Control policy out-of-date on 2 devices. Intrusion Policies out-of-date on 2 devices".
Clicked on it, it takes me to the pop up screen like this (in attachment1)
Clicked on "out-of-date" link on the pop up screen, it takes me to the Compare View, one of it is comparing my IPS Policy (2015-04-09) with the IPS Policy (2016-04-14). I believe the one in 2015 was the one we first created fireSIGHT and the 2016 is the one I downloaded and installed.
The one in 2016 has a lot of rules while the one in 2015 doesn't and vice versa. Before I hit "Apply selected configurations" button on the attachment1, i want to understand what it will do to the policy that I built in 2015. Because the one built in 2015 was created by a consultant and i don't want to change anything that he made or customized initially if I don't have to.
If there were any changes made to the policy (in comparison to the one that applied on the sensor) and not pushed to the sensors, your policy will show out of date. Once you apply it to the sensors, it will override the existing policy on the sensor with the new changes.
Hello, it is recommended to update it with the new set of signatures.
Those signatures should be delivered weekly ( or even often) by either Cisco or other vendor that you use .