VMS & NSDB

ajay_dand
Level 1

Is the NSDB database on the VMS Server updated with signature updates? If no, is there any method by which it can be updated manually? Can a local, searchable copy of the updated NSDB be stored on a machine outside of the VMS?


a.arndt
Level 3

We've found a way to do this, though it might not be "legal" per se under the EULA. (Would someone from Cisco mind commenting?)

Just sftp a copy of the NSDB from a sensor into a local directory and then load it via a web browser running on the same machine where you copied the HTML files to.

Using your ssh/sftp client of choice, issue the equivalent of the following command:

sftp service@:/usr/cids/idsRoot/htdocs/protected/nsdb/html/*.html /path_to_copy_the_files_to

NOTE: You'll have to create the service account, as outlined in the Cisco IDS documentation, to do this.

Once the files are copied, point a browser to the directory and load the file "all_sigs_index.html" to access the NSDB index.

CAVEAT: This is not a Cisco endorsed solution and may constitute an EULA violation! Use at your own risk!

I'll comment, but first I'll caveat... I'm not a lawyer, and I'm not allowed to commit Cisco to anything. That said, as long as the Cisco copyright is respected and you stick to "fair use", I don't expect anyone here in the Cisco IDS group to say anything. In my opinion, you're within "fair use" if you're making the product easier for you to use. Everything in the NSDB is available via the IPSAlerts page at www.cisco.com

a.arndt
Level 3

Another option would be to access the Cisco version of the NSDB that is available online. It can be found at the following URL:

http://www.cisco.com/cgi-bin/front.x/csec/idsAllList.pl

NOTE: A valid CCO login is required to access the link

I hope this helps,

Alex Arndt

Thanks Alex,

I know about the online database. However, I find that from the SecMon window, when I try to get an explanation from the context menu on any signature, in some cases the information is missing in the local copy of the NSDB. It becomes more convenient to be able to read the relevant info from the same window, rather than shifting to another window and running a search query. ISS RealSecure is very convenient in that respect, wherein the complete exploit and vulnerability info is available in the bottom pane whenever you are tuning a signature, so one does not have to move away from the window. Please note that this is not an invitation to discuss the merits/demerits of competitive products.

Thanks.

scothrel
Level 3

The VMS MC is updated by a separate download for each signature update. See the IDS Sensor Update section at this link:

http://www.cisco.com/cgi-bin/tablebuild.pl/mgmt-ctr-ids

You can also extract the NSDB directly from the .zip file contained at the above link.
