Forum Discussion

ghost-rider_124's avatar
ghost-rider_124
Icon for Nimbostratus rankNimbostratus
May 31, 2015

ASM Signature update procedure

Hello Experts

 

I found my signature updates are two year old. I just joined the organization. The previous admin did not update the signatures. The update mode settings is 'Manual' Now I am wondering, if I update all the signatures then that could block all the applications using the ASM policies (that are more than 15 applications).

 

What is the safe way to update the signatures in this scenario? Really appreciate your input

 

Regards,

 

GR

 

16 Replies

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus

    If you've configured the Enforcement Readiness Period (by default it's 7 days) then new signatures will be in staging once updated. During this period the policy won't block if these signatures are triggered. You can also configure this for updates signatures too.

     

    N

     

    • nathe's avatar
      nathe
      Icon for Cirrocumulus rankCirrocumulus
      The place updated signatures in staging is, as it says, only updated signatures not new ones. It's up to you whether you enable this one. I tend not to as you may weaken your policy. In the situation of a new signature you are no worse off by it being in staging
    • nathe's avatar
      nathe
      Icon for Cirrocumulus rankCirrocumulus
      To disable staging you can do it for all signatures once the staging period is over. You can Enforce the signatures not triggered. For those that have been then you can review the violations and allow if a false positive.
    • ghost-rider_124's avatar
      ghost-rider_124
      Icon for Nimbostratus rankNimbostratus
      But the settings in screenshot attached, saying that newly added signatures are always in staging and I cannot control this. So I am just wondering from where to disable staging for these signatures after sometimes?
  • you can disable signature staging, it is an option.

     

    but why do you want to, just add the new signatures, and after there enforcement readiness period check the ones without issues and enforce those. the rest you will have to investigate and then disable to enforce.

     

    • boneyard's avatar
      boneyard
      Icon for MVP rankMVP
      the only other field that lists days, the staging-tightening period.
    • ghost-rider_124's avatar
      ghost-rider_124
      Icon for Nimbostratus rankNimbostratus
      Thanks boneyard. Again the same question, one 7 days over, ASM automatically puts the signature out of staging? sorry for my ignorance
    • nathe's avatar
      nathe
      Icon for Cirrocumulus rankCirrocumulus
      Afraid not. You need to Enforce them manually in he staging-tightening part of the GUI.