Jeff,
It would be nice to have the rule update location on the main Policies page. Nice to have that at a glance.
I agree. Why should you have to click on the policies treeview to update the policies? This will be changed in the next build. Thanks for the feedback!
Cheers,
Jeff

Jeff,
What do you think of also including the Snort version number on that page? 2.6.0 and .1 jumped revisions very fast. In the middle of upgrading I had to start over a few times with a new version. I was thinking it would be nice to be able to keep track of what code version was on each sensor. How about a section the user can update themselves so you do not have to release a new version every time Snort is released?
Also, that would be great. My original intention was just to be able to see where I am pulling rules from. But you won't get any complaints from me with the shortcuts. :)
My intention is to add a form like the sensor upload form. It will have a list of the different policies and give the user the ability to select which policies to update by check boxes. It will also have some details of each policy like update locations, Snort ver., etc. I hope to get this done along with a few other things in the coming weeks.
Cheers,
Jeff

Sounds Great!
Thank you.....
This has been added in IDSPM v2.1 Beta 1. The policy upload menu item is available at all times, as well as a new upload form.
Cheers, Jeff

Jeff,
Been using 2.1 for a few days now, so far so good. Things I noticed.
In the edit sensor page you can not choose a snort version.
While trying the delete rules option I could not find a way to verify if it worked and what rules deleted. I know VRT deleted a few rules but the Add/Update xxx rules to policy window did not show any reference to the deleted rules.
PS the Policy Status page is nothing less than awesome........
>In the edit sensor page you can not choose a snort version.
Just type one in. Once you have added it, it will appear in the dropdown for the next sensor. This way it will only show the versions of Snort that you currently have added and not any more (too many versions that you probably don't want if they were added by IDSPM).
>While trying the delete rules option I could not find a way to verify if it worked and what rules deleted.
These rules appear in the list the same way the update/add appear, but they have a remove instead of update/add.
Jeff
Hmmmmm, I would think I should have seen at least one or two get removed, no? I know 10106 and 11315 are marked as deleted in the latest VRT set.
Did you check the "remove old rules" in the settings form?
Jeff

Jeff,
Yes, remove old rules is checked.
I will take a closer look at this and make sure it is fully working in the next build.
Thanks!
Jeff

Jeff,
I also noticed when updating policies that it sometimes does not download the latest rules files. It just gets the policy details from the database, then checks rules files, finish.
Is it because of caching? By default IDSPM caches updates for 24 hours. It does this to increase speed of downloading and extracting when updating multiple policies, and snort.org doesn't allow downloading rules more than once every 15 minutes.
Hmm. I just checked on how to change this and there isn't an option. :) To manually change this, just add the following in the idspm.config file, changing 24 to a value you like. (This is in hours.) This should be placed at the same level in the XML file and not at the end of the file.
<SECTION Name="IDSPM">
<KEY Name="CacheTimeout" Value="24" />
</SECTION>
This will be added in the next build.
Cheers, Jeff

I figured as much but wasn't sure on how IDSPM made its download decision.
Jeff,
Any way to get a select/unselect all button on the policy update window?
Sure, this should be easy enough. Expect this in the next build. Any other ideas?
Cheers, Jeff

How about the same thing for the upload window?
I seem to be timing out (or so it seems) when uploading the policy to a sensor much more often with 2.1. With 2.0 it happened on random policies at random times and it was not often enough to be a problem. With 2.1 the update seems to stop after every 2 or 3 policies.
Yeah, I will add it to both forms.
As for the timeout, can you give a little more information about this problem? This is the first I have ever heard of this happening. You might want to check the upload.status.log file in the C:\Documents and Settings\\Application Data\Activeworx\IDS Policy Manager SA directory to see if it gives any more details.
Cheers, Jeff