I have 3 Intrushield IPS sensors managed by a single NSP.
I would like to deploy different UDS to each IPS sensor, but it looks like I can only deploy all UDS at once by "exporting to manager"?
If I create an adminisrative domain, will that let me manage differnet UDS per sensor?
The scenario is as follows:
When I "export to manager" in UDS Editor, it updates all IPS senors with all UDS signatures, which is not what I want.
I've thought of maybe disconnecting one IPS sensor at a time, but am not 100% sure that won't get clobbered on the next automated signature update. That's also a support nightmware as well.
WHen the UDS is pushed, it automatically populates the default policies. You will need to clone the Policy, or create a new policy. At this point you can disable the UDS sig you want per individual policies.
You can also use rulesets to create a new Ruleset and bubble that up to a new policy. The rulesets give you control over individual attacks in the policy, and you can make your UDS decisions at that time.