Analysis and Review

Signature update automation script

by


Configuring the Status of Signatures can be a daunting task. Especially if you have multiple Cisco IPS systems. Using the Cisco IPS signature status change script / web form is a huge time saver. So when you get your email updates from Cisco about the new signature releases you can just input what you want to enable and disable into this web form. Type in the name of the signature definition in the the first line then click the add signature button to add more web form fields to the web form.

It’s important to keep the number of enabled signatures as low as possible – any disabled signatures should be retired.

Signature definition name

The result of the submit button will yield all the commands necessary to enter into your Cisco ips CLI.

The results will look like this

service signature-definition sig0
signatures 6213 0
status
enabled false
retired true
exit
exit
signatures 6456 0
status
enabled false
retired true
exit
exit

Once you copy the output just log in to your IPS sensor via ssh and enter configuration terminal mode, config t. Paste the list of command and give the sensor while to process the series. Upon completion of processing the IPS will ask if you want to apply the changes. type “yes” and hit enter.

You’re now done modifying your IPS signature the quickly with my online Cisco ips web form script for signature updates.

Below is what the script / web form is actually doing for you. These are the commands and description as referenced by Cisco.

First: Log in to the CLI using an account with Administrator or Operator privileges.

Second: Enter signature definition submode.

sensor# configure terminal
sensor(config)# service signature-definition sig1

Third: Choose the signature you want to configure.

sensor(config-sig)# signatures 12000 0

Forth: Change the status for this signature.

sensor(config-sig-sig)# status
sensor(config-sig-sig-sta)# enabled true

Fifth: Verify the settings.

sensor(config-sig-sig-sta)# show settings
status
———————————————–
enabled: true default: false
retired: false
———————————————–
sensor(config-sig-sig-sta)#

Sixth: Exit signatures submode.

sensor(config-sig-sig-sta)# exit
sensor(config-sig-sig)# exit
sensor(config-sig)# exit
Apply Changes:?[yes]:

Seventh: Type yes to apply the changes or no to discard them