08-01-2019 05:44 AM - edited 02-21-2020 09:21 AM
Hi all,
I have a 5525-x with FirePOWER module. Around the time VDB update 324 came out we started to see latency issues with office documents. I can see that VDB-324 updated Microsoft WebApp signatures:
Web Application Detectors:
Reddit: Social news link site. (updated)
Citrix Online: Citrix Online services, including GoToMyPC, GoToMeeting, GoToWebinar, and GoToTraining. (updated)
Fuze: A team collaborative call and messaging tool. (updated)
Microsoft: Official Microsoft website and its subapps (updated)
When I click on Microsoft it takes me to this information:
Description | Official Microsoft website. |
Categories | web services provider,business |
Tags | SSL protocol, Office 365 |
Risk | Medium |
Business Relevance | Low |
And here the trail goes cold. I'm looking for information on exactly what's changed so I can figure out if this is what's causing the issues we're seeing, but the links just keep taking me around in circles. I'm assuming this information is available somewhere. I've worked with other NGFWs and signature/threat DB updates are normally well explained and the information is readily available, but for FirePOWER I just don't seem to be able to locate it.
As you can see from the above I've had a good look before posting this. If someone knows where to get the detailed info (in locations that I haven't looked yet) then I'd really appreciate your help.
08-01-2019 08:00 AM
The VDB document you already found is the most detailed published source of information. To drill down deeper, I'd suggest opening a TAC case. They can engage TALOS if necessary to investigate why your particular use case is causing issues for your end users.
For what it's worth, I have several customers with the latest VDB updates applied and none of them have reported issues. They are all using the "Balanced Security and Connectivity" ruleset in their Intrusion Policies.
08-01-2019 10:38 AM
Hi Marvin,
Thank you very much for picking this up, and confirmation that other users are not experiencing the same issue - I was wondering!
Just to confirm, the published information that I've referenced above only mentions that there have been changes in an area, they don't even give an outline of the changes - surely this can't be the sum total of the information available for a VDB update? I've worked with NGFWs from other vendors and the updates I've seen there have been very detailed. I'd base my decision to update / not update based on this information. Would this approach not be possible with FirePOWER?