08-26-2004 08:20 AM - edited 03-09-2019 08:36 AM
When updating signatures I can look at the Readme.txt to identify what signatures are enabled/disabled by default, however there is not any information included regarding which signature group each new signature is a member of.
To modify the signature config via the command shell you have to enter something like:
service virtual-sensor-configuration <sensor>
tune-micro-engines
<SIG-GROUP>
signatures SIGID <sigid> SubSig <sub>
CapturePacket True
exit
exit
How can I modify the default signature config (e.g. add CapturePacket True) via the command shell without knowing what group the signature is a member of?
TM
08-26-2004 10:32 AM
frustrating, isn't it?
if you are doing this command line, try this:
guardian1# conf t
guardian1(config)# service virtual-sensor-configuration virtualSensor
guardian1(config-vsc)#tune
guardian1(config-vsc-virtualSensor)#
****let's say you want to find/modify 6251, and you don't know which engine it's in******
guardian1(config-vsc-virtualSensor)# show settings | include 6251
STRING.TCP
-----------------------------------------------
signatures (min: 0, max: 1000, current: 323)
-----------------------------------------------
SIGID: 6251
in other words, from here:
guardian1(config-vsc-virtualSensor)#
use the command:
show settings | include 6251
this will give you the engine that it is in, and then you can go in and make your changes.
hope this helps,
chris
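
An added example, not part of the original posts: a Python sketch that reads saved `show settings` output, maps each signature ID to its engine, and fills the group into the command sequence from the question. It assumes engine headings are upper-case dotted names on their own line, as in the fragment above; the sample text, the second engine block and ID 16251 are constructed, and `engine_map` and `capture_packet_commands` are hypothetical helper names.

```python
import re

# Constructed sample in the layout shown in the reply above (engine heading,
# then its signatures block). Real output carries more fields per signature.
SAMPLE = """\
STRING.TCP
-----------------------------------------------
signatures (min: 0, max: 1000, current: 323)
-----------------------------------------------
SIGID: 6251
STRING.UDP
-----------------------------------------------
signatures (min: 0, max: 1000, current: 12)
-----------------------------------------------
SIGID: 16251
"""

# Assumption: engine headings look like STRING.TCP (upper case, dotted).
ENGINE_RE = re.compile(r"^\s*([A-Z][A-Z0-9]*(?:\.[A-Z0-9]+)+)\s*$")
SIGID_RE = re.compile(r"^\s*SIGID:\s*(\d+)\b")

def engine_map(settings_text):
    """Map each SIGID to the engine heading that most recently preceded it."""
    engine, result = None, {}
    for line in settings_text.splitlines():
        heading = ENGINE_RE.match(line)
        if heading:
            engine = heading.group(1)
            continue
        sig = SIGID_RE.match(line)
        if sig and engine:
            # Whole-number match: 6251 is not confused with 16251, which a
            # plain substring filter on "6251" would also return.
            result[int(sig.group(1))] = engine
    return result

def capture_packet_commands(sensor, engine, sigid, subsig=0):
    """Command sequence from the question with the signature group filled in."""
    return [
        f"service virtual-sensor-configuration {sensor}",
        "tune-micro-engines",
        engine,
        f"signatures SIGID {sigid} SubSig {subsig}",
        "CapturePacket True",
        "exit",
        "exit",
    ]

if __name__ == "__main__":
    engines = engine_map(SAMPLE)
    print("\n".join(capture_packet_commands("virtualSensor", engines[6251], 6251)))
```
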
08-26-2004 01:22 PM
Absolutely!
Thank You for the information.
TM