
csids signature xml files

rmulyadi
Level 1

Which xml file (with its path in the sensor) contains the most updated signature information? I am trying to set up a script that automatically parses the file when it changes due to a signature update. Thanks.

6 Replies

marcabal
Cisco Employee

I will warn you that to access this file through the file system will require using the service account.

The service account is intended to only be used under TAC supervision for troubleshooting.

So using the service account could cause your sensor to not be supported by the TAC should a problem arise.

Also the name and location of this file may change in future versions.

File Name:

/usr/cids/idsRoot/etc/VS-Config/virtualSensor.xml

It contains both Cisco's default signatures along with any tunings you may have made.
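The poll-and-parse script the question asks for, as an added example that is not code from either poster. It hashes the copied file's contents rather than trusting the modification time (scp and the sensor's own rewrites can reset timestamps), tolerates a half-written file by retrying on the next poll, and diffs two parses so only real signature changes reach the reporting database. The real virtualSensor.xml schema is not shown in this thread, so the element and attribute names in the sample document (`signature`, `sigId`, `subSigId`, `enabled`, `severity`, `description`) are assumptions to be replaced with the ones found in the actual file.

```python
"""Poll a copied sensor signature XML file and parse it when it changes.

Added example, not from the thread. The XML layout below is a constructed
stand-in: the real virtualSensor.xml schema is not on the page, so the tag
and attribute names are hypothetical and must be adapted to the real file.
"""
import hashlib
import itertools
import tempfile
import time
import xml.etree.ElementTree as ET

# Constructed sample document; element and attribute names are assumptions.
SAMPLE_XML = b"""<?xml version="1.0"?>
<virtualSensor name="vs0">
  <signatures>
    <signature sigId="1000" subSigId="0" enabled="true" severity="low">
      <description>IP options-Bad Option List</description>
    </signature>
    <signature sigId="2004" subSigId="0" enabled="false" severity="informational">
      <description>ICMP Echo Request</description>
    </signature>
  </signatures>
</virtualSensor>
"""


def file_digest(path):
    """SHA-256 of the file contents, so a change is detected by content
    rather than by mtime, which scp and sensor rewrites may reset."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_signatures(xml_bytes):
    """Return {(sigId, subSigId): fields} using the hypothetical tag names.
    ElementTree does not fetch external entities, so an untrusted file cannot
    pull remote content; use defusedxml if entity-expansion bombs are a concern."""
    root = ET.fromstring(xml_bytes)
    sigs = {}
    for el in root.iter("signature"):
        key = (int(el.get("sigId")), int(el.get("subSigId", "0")))
        sigs[key] = {
            "enabled": el.get("enabled", "false").lower() == "true",
            "severity": el.get("severity", "unknown"),
            "description": el.findtext("description", default="").strip(),
        }
    return sigs


def diff_signatures(old, new):
    """Keys added, removed and changed between two parses, each sorted."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = sorted(k for k in set(old) & set(new) if old[k] != new[k])
    return added, removed, changed


def watch(path, on_change, interval=5.0, max_polls=None, last=None):
    """Poll `path` and call on_change(parsed) whenever its digest changes.
    A missing or partially written file is skipped and retried next poll;
    `last` is the digest already processed, returned so callers can resume."""
    for polls in itertools.count():
        if max_polls is not None and polls >= max_polls:
            break
        try:
            digest = file_digest(path)
        except FileNotFoundError:
            digest = None  # file is mid-replacement; try again next poll
        if digest is not None and digest != last:
            with open(path, "rb") as f:
                data = f.read()
            try:
                on_change(parse_signatures(data))
                last = digest  # only mark processed after a clean parse
            except ET.ParseError:
                pass  # partial write; re-read on the next poll
        time.sleep(interval)
    return last


def demo():
    """Write the constructed sample to a temp file and watch it twice.
    Returns (number of change callbacks, whether the digest was recorded)."""
    with tempfile.NamedTemporaryFile(suffix=".xml", delete=False) as f:
        f.write(SAMPLE_XML)
        path = f.name
    seen = []
    last = watch(path, seen.append, interval=0, max_polls=2)
    return len(seen), last == file_digest(path)


if __name__ == "__main__":
    print(demo())
```

In production the `on_change` callback would write `parse_signatures` output (or the `diff_signatures` result against the previous parse) into the reporting database, and `interval` would be set to something like a minute; the test-friendly `max_polls` bound is simply left at `None` so the loop runs forever.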

I plan to parse the file (after scp-ing it to other system) to keep the signature data in our reporting database updated. If you think that this might cause problem in the future, could you recommend other options that I can use to accomplish this? Thanks

You could write your own RDEP client to request a copy of the same file.

The RDEP client would be an HTTPS client capable of connecting to the sensor over an SSL/TLS connection and sending URL requests.

Most scripting programs like TCL or Perl have libraries to help in initiating the connection.

You would need to contact the TAC and ask for a copy of the RDEP spec (it is on CCO, but I don't remember the location).

You would also need to then ask the TAC for the Control Transaction to request the virtualSensor.xml from the sensor. This Control Transaction is in the IDIOM specification which is not on CCO, but which the TAC may be able to get from the developers.

I got a copy of the RDEP and IDIOM spec already before. So, I will look into it. Thanks for your input!

Ok. I got it working. One more question though.

I also need the defSigCategoriesConfig.xml that contains the categorization of the signatures. I can't seem to find the relevant control transaction command for it. Can you help me out here? Thanks!

I am not aware of any method for getting this file through RDEP. The file is for internal IDM so wasn't designed to be retrievable through RDEP.

I suggest contacting the TAC and asking that they enter an enhancement request to make the file accessible through RDEP.

Not sure if it would be implemented, but it doesn't hurt to ask.