10-01-2001 02:11 PM - edited 03-08-2019 08:48 PM
I am trying to find a complete and current listing of signatures and their corresponding numbers. Does anyone know where I can find one?
TIA
10-01-2001 05:02 PM
If you have loaded the latest signature update on an appliance sensor then the list can be found in the file /usr/nr/etc/signatures and also in /usr/nr/etc/wgc/templates/signatures.
They can be found in the same files on a Unix Director that has been upgraded with the latest signature update. They are also available on the Unix Director by pointing your web browser to the /usr/nr/html/all_sigs_index.html file, or by opening the /usr/nr/html/all_sigs_index.txt file with a text editor.
They can also be found on a CSPM box that has been upgraded with the latest signature update. Point you web browser to the
If you don't have access to the CSPM box, Unix Director, or Sensor then you can download the CSPM signature update and unzip it with winzip. It also contains the all_sigs_index.html and all_sigs_index.txt files. you can just unzip it and place on your own desktop machine for quick and easy access to the NSDB.
The Signature Updates for all the mentioned products are available at:
http://www.cisco.com/kobayashi/sw-center/ciscosecure/ids.shtml
10-30-2001 01:16 PM
to marcabel: I'm going to give you a big 'No, they are not'.
My Solaris stuff is current on Sensor and Director up through S9, and there are signatures that alert for us that are NOT in the NSDB.
I am loading S10, so hopefully that will be corrected.
I think maybe what the original poster was asking is something I have wanted for a while - a spot outside the IDS that I can research from my desk. My IDS setup is locked in a cold room (literally) and I would love to have just the NSDB available somewhere where I could access it from say, home.
I do not know if the NSDB is available on the Cisco site somewhere but I haven't found it if it is.
10-30-2001 02:26 PM
well..yes actually it IS there...however its in the /usr/nr/etc/html/ folder
-also, as root on the director, check /usr/ciscosec/nsdb/html/
Cisco CCO also offers a Cisco Secure Encylopedia site which can be useful to reference as well
10-30-2001 03:32 PM
Places to look:
Unix Director: /usr/nr/html/all_sigs_index.html /usr/nr/etc/signatures
Sensor: /usr/nr/etc/signatures
CSPM: all_sigs_index.html in the directory where the NSDB is placed.
For use at your personal desktop, you could also download the CSPM update and unzip it into a folder on your harddrive. It is a zip file of the NSDB and a few CSPM files which you can ignore.
If a signature is missing from the NSDB index page then you have found a bug. The signatures file and all_sigs_index.html should have the same current list of signatures. If you find one missing then please let us know so that we can create a DDTS Issue to fix the problem.
10-31-2001 07:56 AM
We have run into this problem also. I can think of at least two signatures that have been triggered, but have no NSDB entry: 5121 and 3453.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide