On 7/21/05, Palmer, Paul (ISSAtlanta) <[EMAIL PROTECTED]> wrote:
>
> Jim asks: "Is there any way to edit the Network Sensor (version 7)
> policy with a text editor, and reliably apply this policy?"
>
> This is probably a better topic for the issforum mailing list. However,
> a quick answer:
>
> The policies themselves are text based so can be easily edited with a
> text editor of your choice. With Site Protector, the "master" copies of
> these policies are stored within its database. Therefore, use the
> console's policy editor to export the policy to a flat file, edit the
> policy by hand, and then use the policy editor to re-import the policy into
> the database. If I recall correctly, the console will automatically ask
> you if you wish to reapply the updated policy to all sensors that use it
> when you re-import.
>
> I hope this helps.
>
> Paul

Paul (and others): thanks for the responses on this topic. Indeed, the "export/edit/import" process works fine. I also wrote a couple shell scripts (a la Cygwin) to generate multiple event filters when there are several src/dst pairs involved. Makes it much easier and faster, and less error-prone, than doing it manually.
