
IDP Database Updating – Amer Networks E5Web GUI User Manual


latest intrusion threats. For full details about obtaining the IDP service, please refer to Appendix A,
Update Subscriptions.

Figure 6.11. IDP Database Updating

Automatic Updating

New attacks can be discovered on a daily basis, so it is important to have an up-to-date signature
database in order to protect the network from the latest threats. Auto-update is an option that
can be enabled or disabled by the administrator.

With auto-update enabled, signature database updates are downloaded automatically by cOS
Core at a configurable interval. This is done via an HTTP connection to the Clavister server
network which delivers the latest signature database updates. If the server's signature database
has new signatures then new updates will be automatically downloaded, replacing any older
versions. No reconfiguration is needed by the administrator to activate new signatures.

If auto-update is disabled then updates must be explicitly forced and the administrator needs to
be aware of when new updates are available. However, this approach does help with more
quickly detecting any false positives that new signatures might produce.

Setting the Correct System Time

It is important that cOS Core has the correct system time set if the auto-update feature in the
IDP module is to function correctly. An incorrect time can mean that auto-updating is disabled.

The following console command will show the current status of the auto-update feature:

> updatecenter -status

This information can also be viewed using the Web Interface by going to: Status > Maintenance

Chapter 6: Security Mechanisms
