Solved: NM-CIDS auto update

yatisspor · ‎05-31-2007

Hi;

We have a 2811 with NM-CIDS module. How can i get it to automatically update IPS signatures. There is a menu whick asks for username,password and an IP address. Username and password are OK, but what is the ip address. How can i configure it for auto update...

And is there anyone knows which frequency does cisco renew IPS signatures..

marcabal · ‎06-01-2007

The sensor (NM-CIDS in your case) can not automatically pull new signature updates from cisco.com.

The auto update feature is to allow the sensor (NM-CIDS) to automatically pull new signature updates from one of your own internal ftp or scp servers. You will have to manually download the new files from cisco.com and place them on your ftp or scp server. So the IP Address in the configuration is your own ftp or scp server ip address.

Now CSM (Cisco Security Manager) IS able to automatically pull new signature updates from cisco.com. CSM can then automatically push them out to your sensors. So if you want automatic downloads from cisco.com, then you will need to purchase CSM to manage your sensors.

How often are new signatures released?

The longest time between signature updates will be about 2 weeks. It depends on how bad the latest vulnerabilities are. If a new bad vulnerability comes out, then the signature update gets sent out immmediately for that vulnerability. Otherwise signatures for several vulnerabilities get combined together and get sent out on a more regular basis between 1 and 2 weeks since the last regular update.

View solution in original post

marcabal · ‎06-01-2007

The sensor (NM-CIDS in your case) can not automatically pull new signature updates from cisco.com.

The auto update feature is to allow the sensor (NM-CIDS) to automatically pull new signature updates from one of your own internal ftp or scp servers. You will have to manually download the new files from cisco.com and place them on your ftp or scp server. So the IP Address in the configuration is your own ftp or scp server ip address.

Now CSM (Cisco Security Manager) IS able to automatically pull new signature updates from cisco.com. CSM can then automatically push them out to your sensors. So if you want automatic downloads from cisco.com, then you will need to purchase CSM to manage your sensors.

How often are new signatures released?

The longest time between signature updates will be about 2 weeks. It depends on how bad the latest vulnerabilities are. If a new bad vulnerability comes out, then the signature update gets sent out immmediately for that vulnerability. Otherwise signatures for several vulnerabilities get combined together and get sent out on a more regular basis between 1 and 2 weeks since the last regular update.