Forum Discussion

jerm1020_254086's avatar
jerm1020_254086
Icon for Nimbostratus rankNimbostratus
Aug 16, 2016

attack signature updates

I am looking to settle a conversation I am currently having with a customer. he states that with the signature updates that the "enable staging" box must be checked for the policy and only the new updates will be in staging at that time not the entire policy( I'm referring to the actual policy page not the signature update page, I am sure that one goes into staging regardless) My understanding is that the signatures that were updated as well as any new sigs go directly into staging for seven days and that if you click "enable staging" on the policy, it puts the entire policy into staging and will not block anything? is this the case? is being in staging mode just nearly the same as transparent? any and all advice is appreciated, a step by step guide to safely implementing signature updates would be extremely helpful if someone had guidance on this

 

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus

    On the policy properties page you can configure the Enforcement Readiness Period (i.e. Staging) and Signature Staging.

     

    Any new policy items, e.g. new file types, will be determined by the Enforcement Readiness Period, if you select Perform Staging on the new object when adding it.

     

    In regards Signature Staging, this is just for new Attack Signatures. By default this is enabled. This means when you update your signatures the new ones will be in staging and (optionally) the updated ones too. There is a seperate tick box for Updated Signatures.