Automating Signature Database Installation
CSO checks for the availability of new signatures on a daily basis, downloads them when they are available, and then installs these signatures based on the installation settings that you configure by using this page.
As a tenant administrator, you can automate the signature database installation process by configuring the installation settings at the tenant level, based on your requirements. You can configure CSO to install the signature database immediately when it is available or specify a recurring schedule on which the installation process must run. You can also configure other options, including alarm generation on completion of the signature installation, micro-application support, and Intrusion Detection and Prevention (IDP) signature installation. You can apply these settings at the All Sites, Selected Sites, or Selected Site Groups level. However, the configurations at the Selected Sites level overwrite the configurations at the Selected Site Groups and All Sites levels. The configurations at the Selected Site Groups level overwrite the configurations at the All Sites level.
You can also install signatures manually by using the on-demand signature installation feature. For more information, see Manually Installing Signatures.
To configure the signature installation settings:
Field | Description |
---|---|
Targets | Select the target type to which you want to apply the signature database installation settings. The following options are available: The configurations at the Selected Sites level overwrite the configurations at the All Sites and Selected Site Groups levels. The configurations at the Selected Site Groups level overwrite the configurations at the All Sites level. Note: You must not duplicate the sites or site groups across multiple installation settings. At a tenant level, you can create only one installation setting with All Sites as the target. Similarly, you can create only one installation setting with the same set of site groups or sites. |
Site Groups | Available if you have chosen Selected Site Groups as the target type. Select the site groups to which you want to apply the signature installation settings. You can also add site groups later by editing the settings. |
Sites | Available if you have chosen Selected Sites as the target type. Select the sites to which you want to apply the signature installation settings. You can also add sites later by editing the settings. |
Generate Alarms | Click the toggle button to configure CSO to generate an alarm on completion of the signature installation. A successful installation triggers an information alarm. A failed installation triggers a critical alarm. |
Enable Micro Apps | Click the toggle button to configure CSO to identify micro-applications. Enabling this button executes the following set command on the device: An example of a micro-application is as follows: Consider a dynamic application, MODBUS. READ and WRITE are sub-functions or operations of the MODBUS application. For these sub-functions, we must define micro-applications such as MODBUS-READ and MODBUS-WRITE. In this case, MODBUS is the base application, and MODBUS-READ and MODBUS-WRITE are nested applications, that is, micro-applications. By configuring these micro-applications in security policies, you can allow or deny MODBUS sub-functions rather than blocking or allowing the entire MODBUS application. |
Install IDP Signature | Click the toggle button to enable installation of the Intrusion Detection and Prevention (IDP) signature. If the device does not have a valid IDP license installed, the application (App ID) signature is installed. If you have not enabled this option, CSO installs the App ID signature on the device by default. |
Retry When Device is Up | Click the toggle button to enable CSO to retry installing the signatures on devices where signature installation failed because the host was down (this event triggers a You can refer to the install job log to know if the installation (which failed in the first attempt) will be retried. |
Install Option | Select an option to specify when to install the new signature when it is available. The following options are available: |
Schedule | Select the frequency at which the signatures should be installed. |
Days of week | Available only if you have selected the weekly schedule. Select the day(s) on which the signatures should be installed every week. |
Days of month | Select the day(s) on which the signatures should be installed every month. If a month has fewer days than specified, the signature is installed on the last day of the month. |
Time | Specify a time at which the installation should be initiated. CSO uses the local time zone. |
After the signature database is installed successfully, you can deploy the firewall policy (that references IPS profiles or application signatures) on the device.
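The target precedence, the no-duplication rule and the month-end behaviour described above can be checked on a planned set of settings before they are entered. The following is an added example, not CSO code or its API: the setting dictionaries, field names and site names are constructed for illustration, and treating two configured days that clamp to the same last day as a single date is an assumption.

```python
import calendar
from datetime import date

# Constructed sample settings; field names are assumptions, not CSO's API schema.
SETTINGS = [
    {"name": "default", "target": "all_sites", "members": []},
    {"name": "branches", "target": "site_groups", "members": ["emea", "apac"]},
    {"name": "lab", "target": "sites", "members": ["lab-1"]},
]
# Precedence from the page: Selected Sites > Selected Site Groups > All Sites.
PRECEDENCE = ["sites", "site_groups", "all_sites"]

def validate(settings):
    """Return violations of the page's uniqueness rules as a list of strings."""
    errors, owner = [], {}
    if sum(s["target"] == "all_sites" for s in settings) > 1:
        errors.append("more than one setting targets All Sites")
    for s in settings:
        for m in s["members"]:
            key = (s["target"], m)
            if key in owner:
                errors.append(f"{m} appears in {owner[key]} and {s['name']}")
            owner.setdefault(key, s["name"])
    return errors

def effective_setting(settings, site, groups=frozenset()):
    """Name of the setting that governs `site`, most specific target first."""
    for target in PRECEDENCE:
        hits = [s["name"] for s in settings if s["target"] == target and (
            target == "all_sites"
            or (target == "sites" and site in s["members"])
            or (target == "site_groups" and groups & set(s["members"])))]
        if len(hits) > 1:
            # The page defines no tie-break within one level, so surface it.
            raise ValueError(f"{site}: ambiguous {target} settings {hits}")
        if hits:
            return hits[0]
    return None

def monthly_install_dates(year, month, days):
    """Clamp configured days to the month's last day, as the page describes."""
    last = calendar.monthrange(year, month)[1]
    return sorted({date(year, month, min(d, last)) for d in days})
```

A site that no setting covers returns `None`, which is worth reviewing because nothing in the plan schedules its signature updates.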