Endpoint Protection

  • 1.  Export of Intrusion Prevention Signatures

    Posted Oct 02, 2009 09:01 AM
    I would like to export the Intrusion Prevention Signature list.
    I am able to view the list in the policy, however I'm not sure if this is exportable.  Is it possible to run a report to obtain this information?
    Also, it shows I have ~1700 signatures; is this the total, or are these the only ones that allow modification and/or exceptions?
     


  • 2.  RE: Export of Intrusion Prevention Signatures

    Posted Oct 02, 2009 09:35 AM
    We can generate the following report for Intrusion Prevention:

    Intrusion Prevention Signature Distribution

    This report displays the IPS signature file versions that are used throughout your network. It also includes the domain and server for each, as well as the number of computers and percentage of each. It consists of a pie chart and relative bars.



  • 3.  RE: Export of Intrusion Prevention Signatures

    Posted Oct 02, 2009 09:41 AM
    Thank you Prachand...however I'm not interested in the signature versions.
    I want a listing of the actual signature names themselves.
    I'm sure these are in the db somewhere or on the SEPM?


  • 4.  RE: Export of Intrusion Prevention Signatures

    Posted Oct 02, 2009 10:15 AM
    I checked in the db, was not able to get any info on that.
    ftp://ftp.symantec.com/public/english_us_canada/products/symantec_endpoint_protection/11.0/manuals/mr2/schema_reference_guide.pdf

    I don't think that there is an option to export the name from SEPM.

    This may help: Attack Signatures

    http://www.symantec.com/business/security_response/attacksignatures/index.jsp