Sheriff CSM™
Updating Sheriff NIDS Rules and Signatures
The AT&T Alien Labs™ Security Research Team provides threat intelligence updates, such as new Intrusion Detection System (IDS) rules and signatures, to customers running Sheriff CSM version 5.4.3 or later.
To detect the latest threats with Sheriff NIDS, you should keep the IDS signatures in Sheriff CSM up-to-date. Sheriff CSM checks for threat intelligence updates every 15 minutes. Once an update becomes available, a message appears in the Message Center. For details, see Message Center.
To see if Sheriff CSM has a new or updated NIDS signature available
- Open the Message Center.
- Search for any messages that contain “Sheriff Labs Threat Intelligence” in the message subject.
- Click the message and read about the added NIDS signatures.
After you have reviewed the information in a threat intelligence update and decided to install it, you need to run the update manually either through the web interface (recommended) or the Sheriff Setup menu.
To install threat intelligence updates using the web interface
- Go to Configuration > Deployment > Components > Sheriff Center.
- Click the yellow arrow in the New Updates column next to the Sheriff CSM you want to install the updates on.
- Examine the available updates. NIDS updates contain “suricata” in the package name.
- Click Update Feed Only.
Note: This updates signatures and rules for all packages listed in the update summary, not just the IDS signatures.
The upgrade process can take several minutes. After completion, the page displays a message indicating a successful update.
To install threat intelligence updates in the Sheriff Setup Menu
- Launch the Sheriff console.
- Select System Preferences.
- Select Update Sheriff System.
- Select Update Threat Intelligence.
- Confirm your selection.
Note: The Sheriff console does not show the list of available updates, but you can check the update progress.
The upgrade process can take several minutes. After completion, the console displays a message indicating a successful update.