03-29-2005 01:37 AM - edited 03-10-2019 01:21 AM
Is the NSDB database on the VMS Server updated with signature updates? If no, is there any method by which it can be updated manually? Can a local, searchable copy of the updated NSDB be stored on a machine outside of the VMS?
03-30-2005 06:15 AM
We've found a way to do this, though it might not be "legal" per se under the EULA. (Would someone from Cisco mind commenting?)
Just sftp a copy of the NSDB from a sensor into a local directory and then load it via a web browser running on the same machine where you copied the HTML files to.
Using your ssh/sftp client of choice, issue the equivalent of the following command:
sftp service@
NOTE: You'll have to create the service account, as outlined in the Cisco IDS documentation, to do this.
Once the files are copied, point a browser to the directory and load the file "all_sigs_index.html" to access the NSDB index.
CAVEAT: This is not a Cisco endorsed solution and may constitute an EULA violation! Use at your own risk!
04-05-2005 08:15 AM
I'll comment, but first I'll caveat... I'm not a lawyer, and I'm not allowed to commit Cisco to anything. That said, as long as the Cisco copyright is respected and you stick to "fair use", I don't expect anyone here in the Cisco IDS group to say anything. In my opinion, you're within "fair use" if you're making the product easier for you to use. Everything in the NSDB is available via the IPSAlerts page at www.cisco.com.
03-30-2005 06:18 AM
Another option would be to access the Cisco version of the NSDB that is available online. It can be found at the following URL:
http://www.cisco.com/cgi-bin/front.x/csec/idsAllList.pl
NOTE: A valid CCO login is required to access the link
I hope this helps,
Alex Arndt
04-04-2005 10:00 PM
Thanks Alex,
I know about the online database. However, I find that from the SecMon window, when I try to get an explanation from the context menu on any signature, I find that in some cases the information is missing in the local copy of the NSDB. It becomes more convenient to be able to read the relevant info from the same window, rather than shifting to another window, and running a search query. ISS RealSecure is very convenient in that respect, wherein the complete exploit and vulnerability info is available in the bottom pane, whenever you are tuning a signature, so one does not have to move away from the window. Please note that this is not an invitation to discuss the merits/demerits of competitive products.
Thanks.
04-05-2005 08:05 AM
The VMS MC is updated by a separate download for each signature update. See the IDS Sensor Update section at this link:
http://www.cisco.com/cgi-bin/tablebuild.pl/mgmt-ctr-ids
You can also extract the NSDB directly from the .zip file contained at the above link.