Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
When I first began to tune the sensor, I went in with the IDM and turned on most of the older trojan definitions just to see if anything was hiding in the network. I have not had any hits on those sigs for a couple of weeks and I would like to set all the trojan sigs back to default (ie back to retired) in one stroke via the CLI. I am running version 5 of the IDS software. Is there an easy way to do this? Thanks.
There is no single command that can reset all trojan signatures to their default values. Your best option is to re-apply the lastest service pack (not latest signature udpate) to the Sensor. This will reset most of the signatures to their default values.
There is no single command that can reset all trojan signatures to their default values. Your best option is to re-apply the lastest service pack (not latest signature udpate) to the Sensor. This will reset most of the signatures to their default values.
It's pretty easy using the IDM, but I don't think you can do it using the CLI without knowing the sig numbers. FWIW, I don't think a service pack is going to do it either.
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
