 |
You are here: Docs>Sheriff Web>UserGuides>SheriffCSMDocumentation>DeploymentGuide>IDSConfiguration>SheriffNIDS>UpdatingSheriffNIDSRulesAndSignatures (21 Jun 2022, SheriffCyberSecurity)Edit Attach
Up
Previous Next Sheriff CSM™ Updating Sheriff NIDS Rules and Signatures The AT&T Alien Labs™ Security Research Team provides threat intelligence updates, such as new Intrusion Detection System (IDS) rules and signatures, to customers running Sheriff CSM version 5.4.3 or later. To detect the latest threats with Sheriff NIDS, you should keep the IDS signatures in Sheriff CSM up-to-date. Sheriff CSM checks for threat intelligence updates every 15 minutes. Once an update becomes available, a message appears in the Message Center. For details, see Message Center. To see if Sheriff CSM has a new or updated NIDS signature available
After you have reviewed the information in a threat intelligence update and decided to install it, you need to run the update manually either through the web interface (recommended) or the Sheriff Setup menu.
To install threat intelligence updates using the web interface
Previous Next Sheriff CSM™ Updating Sheriff NIDS Rules and Signatures The AT&T Alien Labs™ Security Research Team provides threat intelligence updates, such as new Intrusion Detection System (IDS) rules and signatures, to customers running Sheriff CSM version 5.4.3 or later. To detect the latest threats with Sheriff NIDS, you should keep the IDS signatures in Sheriff CSM up-to-date. Sheriff CSM checks for threat intelligence updates every 15 minutes. Once an update becomes available, a message appears in the Message Center. For details, see Message Center. To see if Sheriff CSM has a new or updated NIDS signature available
-
Open the Message Center.
-
Search for any messages that contain “Sheriff Labs Threat Intelligence” in the message subject.
- Click the message and read about the added NIDS signatures.
After you have reviewed the information in a threat intelligence update and decided to install it, you need to run the update manually either through the web interface (recommended) or the Sheriff Setup menu.
To install threat intelligence updates using the web interface -
Go to Configuration > Deployment > Components > Sheriff Center.
- Click the yellow arrow in the New Updates column next to the Sheriff CSM you want to install the updates on.
-
Examine the available updates.
NIDS updates contain “suricata” in the package name.
-
Click Update Feed Only.
Note: This updates signatures and rules for all packages listed in the update summary, not just the IDS signatures.
-
Launch the Sheriff console.
-
Select System Preferences.
- Select Update Sheriff System.
-
Select Update Threat Intelligence.
-
Confirm your selection.
Note: The Sheriff console does not show the list of available updates, but you can check the update progress.
Edit | Attach | Print version | History: r8 < r7 < r6 < r5 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r8 - 21 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.