Automating Signature Database Installation

CSO checks for the availability of new signatures on a daily basis, downloads them when they are available, and then installs these signatures based on the installation settings that you configure by using this page.

As a tenant administrator, you can automate the signature database installation process by configuring the installation settings at the tenant level. You can configure CSO to install the signature database as soon as it is available, or specify a recurring schedule on which the installation runs. You can also configure alarm generation on completion of the signature installation, micro-application support, and Intrusion Detection and Prevention (IDP) signature installation. You can apply these settings at the all sites, selected sites, or selected site groups level. The configurations at the selected sites level overwrite the configurations at the selected site groups and all sites levels, and the configurations at the selected site groups level overwrite the configurations at the all sites level.

You can also install signatures manually by using the on-demand signature installation feature. For more information, see Manually Installing Signatures.

To configure the signature installation settings:

  1. Select Administration > Signature Database.

    The Signature Database page opens.

  2. Click Auto Installation Settings.

    The Auto Signature Installation Settings page opens.

  3. Click the add (+) icon.

    The Add Auto Signature Installation Settings page opens.

  4. Complete the configuration settings according to the guidelines provided in Table 1.
    Note: Fields marked with an asterisk (*) are mandatory.

  5. Click OK.

    The settings are saved.

Table 1: Fields on the Add Signature Installation Settings Page

Field

Description

Targets

Select the target type to which you want to apply the signature database installation settings. The following options are available:

  • All Sites

  • Selected Sites

  • Selected Site Groups

The configurations at the Selected Sites level overwrite the configurations at the All Sites and Selected Site Groups levels. The configurations at the Selected Site Groups level overwrite the configurations at All Sites level.

Note:

You must not duplicate the sites or site groups across multiple installation settings.

At the tenant level, you can create only one installation setting with All Sites as the target. Similarly, you can create only one installation setting with the same set of site groups or sites.

Site Groups

Available if you have chosen Selected Site Groups as the target type.

Select the site groups to which you want to apply the signature installation settings.

You can also add the site groups later by editing the settings.

Sites

Available if you have chosen Selected Sites as the target type.

Select the sites to which you want to apply the signature installation settings.

You can also add the sites later by editing the settings.

Generate Alarms

Click the toggle button to configure CSO to generate an alarm on completion of the signature installation. A successful installation triggers an information alarm. A failed installation triggers a critical alarm.

Enable Micro Apps

Click the toggle button to configure CSO to identify micro-applications. Enabling this button executes the following set command on the device: set services application-identification micro-apps.

An example of a micro-application is as follows:

Consider the dynamic application MODBUS. READ and WRITE are sub-functions, or operations, of the MODBUS application. For these sub-functions, we must define micro-applications such as MODBUS-READ and MODBUS-WRITE. In this case, MODBUS is the base application, and MODBUS-READ and MODBUS-WRITE are nested applications, that is, micro-applications. By configuring these micro-applications in security policies, you can allow or deny individual MODBUS sub-functions rather than blocking or allowing the entire MODBUS application.

Install IDP Signature

Click the toggle button to enable installation of the Intrusion Detection and Prevention (IDP) signature. If the device does not have a valid IDP license installed, the application (App ID) signature is installed.

If you have not enabled this option, CSO installs the App ID signature on the device by default.

Retry When Device is Up

Click the toggle button to enable CSO to retry installing the signatures on devices where signature installation failed because the host was down (this event triggers a Host Down alarm). CSO retries installation of signatures when the device is up and reachable.

You can refer to the install job log to find out whether an installation that failed on the first attempt will be retried.

Install Option

Select an option to specify when to install the new signature when it is available. The following options are available:

  • Install immediately

  • Install based on a schedule – If you select this option, choose a schedule as well.

Schedule

Select the frequency at which the signatures should be installed.

  • Weekly

  • Monthly

Days of week

Available only if you have selected the weekly schedule.

Select the day(s) on which the signatures should be installed every week.

Days of month

Select the day(s) on which the signatures should be installed every month. If a month has fewer days than the day specified, the signature is installed on the last day of the month.

Time

Specify a time at which the installation should be initiated. CSO uses the local time zone.

After the signature database is installed successfully, you can deploy the firewall policy (that references IPS profiles or application signatures) on the device.
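The target precedence and the no-duplication note in Table 1 can be checked against a planned set of installation settings before they are entered in CSO. The following Python sketch is an added example, not CSO code or a CSO API: the InstallSetting model, the function names, and the site and site-group names are hypothetical and constructed for illustration, and overlapping members within one target type are treated as duplicates.

```python
from dataclasses import dataclass
from itertools import combinations

# Constructed model of the settings on this page; names are hypothetical,
# not CSO API objects.
@dataclass(frozen=True)
class InstallSetting:
    name: str
    target: str                       # "sites", "site_groups" or "all_sites"
    members: frozenset = frozenset()  # site or site-group names (empty for all_sites)
    install_idp: bool = False         # the "Install IDP Signature" toggle

# Most specific target first: Selected Sites > Selected Site Groups > All Sites.
PRECEDENCE = ("sites", "site_groups", "all_sites")

def duplicate_targets(settings):
    """Pairs of settings that violate the no-duplication note."""
    bad = []
    for a, b in combinations(settings, 2):
        if a.target == b.target and (a.target == "all_sites" or a.members & b.members):
            bad.append((a.name, b.name))
    return bad

def effective_setting(site, site_groups, settings):
    """Setting that wins for one site, or None if nothing targets it."""
    for target in PRECEDENCE:
        hits = [s for s in settings if s.target == target and (
            target == "all_sites"
            or (target == "sites" and site in s.members)
            or (target == "site_groups" and s.members & set(site_groups)))]
        if len(hits) > 1:
            # The page does not define a tie-break, so report it instead of guessing.
            raise ValueError(f"{site}: ambiguous {target} settings {[s.name for s in hits]}")
        if hits:
            return hits[0]
    return None

# Constructed sample data.
SETTINGS = [
    InstallSetting("default", "all_sites"),
    InstallSetting("branches", "site_groups", frozenset({"emea-branches"}), install_idp=True),
    InstallSetting("lab", "sites", frozenset({"lab-1"})),
]
GROUPS = {"lab-1": {"emea-branches"}, "paris": {"emea-branches"}, "hq": set()}

def sites_without_idp(settings=SETTINGS, groups=GROUPS):
    """Audit helper: sites whose winning setting leaves IDP installation off."""
    out = []
    for site, grps in sorted(groups.items()):
        s = effective_setting(site, grps, settings)
        if s is None or not s.install_idp:
            out.append(site)
    return out
```

In the sample data, lab-1 belongs to a site group that enables IDP signature installation, but its site-level setting wins, so it receives only the App ID signature.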