Saturday, December 25, 2010

IDS Policy manager Config

Procedure for Deployment of IDS Policy Manager for Centrally managing Snort sensor.

1). Set the Update locations of the policy/rule file



2). Create Policy for the IDS Sensors.below screen shows 2 Snort IDS Policies are created for managing 2 different Sensors.Intialize the Created Policy with the Base Config file Snort.conf and the latest downloaded rules tar file.


3). 2 IDS Sensors are created as shown below. Assign the created policy to this newly created IDS Sensor.


Separate Policies are assigned for each Sensors.


Same Policy is assigned for each Sensors.


After this upload settings must be configured to upload the latest rules/snort.conf and for this FTP port 21 must be enabled from this central server to the IDS Sensor. and DOS script is also required locally to manage  the stop/start of the sensor. 







Once the policies are updated successfully the Snort IDS Sensor needs to be restarted. 
Posted by Rajesh Shethia at 4:31 PM
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)