Welcome to the Aanval Wiki. Snort, Suricata and Syslog Intrusion Detection, Situational Awareness and Risk Management.

Visit http://www.aanval.com/ for more information.

Aanval:Signature Processing Report


Aanval can manage IDS signatures from Snort VRT (Vulnerability Research Team) and Emerging Threats. Aanval can retrieve signature updates daily from all enabled signature sources and apply them to active IDS sensors.

Automatically Updating Signatures and Receiving Signature Reports

To set this up, go to Console Configuration > Console > Preferences and scroll to the Signature section. In the Email Report field, enter any number of email addresses (separated by commas), set the Email Subject (Signature Processing Report is entered by default), and click Update at the bottom to commit the changes. The Download & Processing option in that section must also be enabled. Users also have the options to replace existing signatures and to update enabled policies with new revisions as updates are retrieved and processed. Once these options are set, the listed addresses receive a daily email for each enabled signature source describing the changes to signatures. Below is a sample email:

Signature Processing Report (limited to most recent 250 signatures):
Processing Count - New: 4
Processing Count - Revisions: 1226
Processing Count - Skipped: 36339
Processing Count - Deleted: 1226
Processing Count - Policies Updated: 1226

Before enabling the automated options to download and process signatures, we strongly recommend that users first visit the Signature Management page to make sure they understand signature management and that all factors are configured.
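
The counters in the sample email above can be checked by a script, so that an unattended update that deletes many signatures or rewrites enabled policies gets a second look. The following Python is an added example, not Aanval code: it assumes the report body keeps the "Processing Count - <name>: <number>" layout shown in the sample, and the function names, the max_deleted threshold and the review rules are illustrative assumptions.

```python
import re

# One "Processing Count - <Label>: <number>" field. Labels may contain
# spaces ("Policies Updated"), so the label runs up to the colon.
FIELD_RE = re.compile(r"Processing Count - ([A-Za-z ]+?):\s*(\d+)")

# Counter names as they appear in the sample report on this page.
EXPECTED = ("New", "Revisions", "Skipped", "Deleted", "Policies Updated")


def parse_report(body):
    """Return {label: count} for the counters in a report email body.

    Works whether the counters arrive one per line or run together on a
    single line. Raises ValueError if an expected counter is absent, so a
    truncated or reformatted email is not silently treated as "all zero".
    """
    counts = {label.strip(): int(value) for label, value in FIELD_RE.findall(body)}
    missing = [name for name in EXPECTED if name not in counts]
    if missing:
        raise ValueError("report is missing counters: " + ", ".join(missing))
    return counts


def review_flags(counts, max_deleted=100):
    """Return reasons a person should review this update.

    The rules and max_deleted are assumed, site-specific heuristics.
    """
    flags = []
    if counts["New"] == 0 and counts["Revisions"] == 0:
        flags.append("no new or revised signatures: check that the source is reachable")
    if counts["Deleted"] > max_deleted:
        flags.append(f"{counts['Deleted']} signatures deleted (threshold {max_deleted})")
    if counts["Policies Updated"] > 0:
        flags.append(f"policies updated count is {counts['Policies Updated']}: "
                     "enabled policies were changed automatically")
    return flags


# Sample body copied from the report shown on this page.
SAMPLE = (
    "Signature Processing Report (limited to most recent 250 signatures):\n"
    "Processing Count - New: 4 Processing Count - Revisions: 1226 "
    "Processing Count - Skipped: 36339 Processing Count - Deleted: 1226 "
    "Processing Count - Policies Updated: 1226\n"
)

if __name__ == "__main__":
    for reason in review_flags(parse_report(SAMPLE)):
        print("REVIEW:", reason)
```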
