03-16-2004 04:36 PM - edited 03-09-2019 06:46 AM
CISCO IDS signature update is truly frustrating. I understand that you cannot pull the signature from the Cisco site to the sensor automatically. But can you at least download it automatically to your FTP server? If yes, does anyone have a script to automate the process?
Thanks.
03-17-2004 02:52 AM
Hi,
just an idea how it could work on a Windows PC/Server:
Use some automatic FTP downloader to download the update package from CCO.
Example: You can use SpeedBit DAP (http://www.speedbit.com/DAP7/FAQ.asp?V=7.0.1.0#1), which lets you configure a scheduled download each day and set your user and password for CCO access in the downloader. Configure this download with the next update package URL (http://ftp.cisco.com/cisco/crypto/3DES/ciscosecure/ids/4.x/IDS-sig-4.1-3-S79.rpm.pkg) and let DAP try to download this file every midnight, e.g., to the c:\downloads\ids directory (some other software might allow downloading every hour).
Start some FTP server on your PC which works with the IDS AutoUpdate feature (I'm using 3Com 3CDaemon) and configure the proper user ID, password and directory (c:\downloads\ids) as configured on the IDS.
(One note: I had to configure c:\downloads on my FTP server as user directory and //ids on the IDS to work OK.)
Let the IDS AutoUpdate every hour.
So the downloader should download the next package on the night it appears on CCO, and the AutoUpdate should apply it to the IDS sensor.
The final problem remaining is that you have to configure the complete URL for the update file. The CCO directory doesn't allow the LIST command. You can configure several of the next files in your downloader (S79 - S85, e.g.) as a workaround and check once a week whether the last one has already passed.
But generally this approach is complicated, and I'd check every day if there is not a new IDS update anyway.
Regards,
Milan
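The workaround in the post above (probing the next few package names because the CCO directory cannot be listed) can be scripted; this is an added example, not part of the original post or any Cisco tooling. It assumes that only the S-number in the file name changes, that levels are published in sequence, and that CCO accepts HTTP basic authentication; the function names are hypothetical.

```python
import re
import urllib.error
import urllib.request
from pathlib import Path

# File-name pattern from the URL in the post; assumes only the S-number changes.
PKG_RE = re.compile(r"^(?P<prefix>.*-S)(?P<num>\d+)(?P<suffix>\.rpm\.pkg)$")

def candidate_urls(next_url, count=7):
    """URLs for `count` consecutive signature levels, starting at next_url's."""
    m = PKG_RE.match(next_url)
    if not m:
        raise ValueError("unrecognised package URL: " + next_url)
    first = int(m["num"])
    return [f"{m['prefix']}{n}{m['suffix']}" for n in range(first, first + count)]

def http_fetch(url, user, password):
    """Download url; None if not published yet. HTTP basic auth is an assumption."""
    mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    mgr.add_password(None, url, user, password)
    opener = urllib.request.build_opener(urllib.request.HTTPBasicAuthHandler(mgr))
    try:
        with opener.open(url, timeout=60) as resp:
            return resp.read()
    except urllib.error.HTTPError as exc:
        if exc.code == 404:
            return None
        raise

def sync_packages(next_url, dest_dir, fetch, count=7):
    """Probe candidates in order, save new ones to dest_dir, return saved names."""
    dest = Path(dest_dir)
    dest.mkdir(parents=True, exist_ok=True)
    saved = []
    for url in candidate_urls(next_url, count):
        target = dest / url.rsplit("/", 1)[1]
        if target.exists():
            continue  # already downloaded on an earlier run
        data = fetch(url)
        if data is None:
            break  # levels are assumed sequential, so later ones are not out yet
        tmp = target.with_name(target.name + ".part")
        tmp.write_bytes(data)
        tmp.replace(target)  # rename so the FTP directory never holds a partial package
        saved.append(target.name)
    return saved
```

Run it from a scheduled task with `fetch=lambda u: http_fetch(u, user, password)` and `dest_dir` set to the directory the FTP server exposes to the sensor.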
09-10-2004 12:12 PM
For Cisco:
It would be nice to see CWVMS have the native ability to check for, and download, new IDS signatures as they become available. The decision to deploy the new signature automatically or manually would be up to the administrator. This is a feature of our centralized anti-virus and OS patch management servers that saves us time.
11-09-2004 07:17 AM
I have the same problem...have you fixed it?
Thanks.