One or more support programs have been updated:
The Windows Intrusion Detection System (WinIDS) has had a major update to the Rules Updating process. The rules can now be manually updated from a shortcut on the desktop or be scheduled to be ran silent.
The Rules updater can be optionally configured to send email results. An email will be sent for pretty much any outcome. The email will contain the sensor name in the subject field of the email from whichever sensor the email originated from (useful if there are multiple remote sensors sending emails to the same SMTP server). The script can also be set to silent mode which basically prevents any text output to the console (which was intended for remote unmanaged sensors).
The main features are:
- Will exit if a rule update is not available.
- Will update the rules if one is available.
- Updating the rules can be scheduled.
- The sensor can be optionally configured to send out email results.
- The sensor ID will be included in the subject of the email.
- If the update fails the verification process, it will rollback.
- Can be ran from a desktop shortcut in a console window.
- Can be ran optionally in silent mode for unmanaged remote sensors.
Email support requires access to a valid SMTP server...
There is a new tutorial available found here: Updating the Windows Intrusion Detection Systems Rules