Upgrading to CSA 5.1

Although there is no way of migrating to CSA 5.1, it is conceivable to build from scratch, rewrite the rules and redeploy the new agent.

Has anyone tried this before? I'm looking for success and horror stories. My biggest fear is the redeployment of the agent. I guess just reinstalling a new agent over a former agent is not smooth.

If you go to Maintenance > Export/Import, you can export policies, variables, etc., then import them into the new version.

If you simply export a policy, it exports all supporting rules, variables, etc., so you do not have to fish around.

Just be selective so you do not have to do a ton of cleanup afterwards.

Your p

Tags: Cisco Security

Similar Questions

  • Remove CSA 4.0 from a server that has CSA 5.0 on it as well

    I currently have both the CSA 4.0 and CSA 5.0 management consoles installed and running on the same server (because of an upgrade). Is there a way to remove CSA 4.0 from the server without impacting the CSA 5.0 server or hosts?

    If there is not a way to remove the CSA MC 4.0 software, is it possible to turn it off so that it no longer operates (from an agent/host's point of view)?

    It's been a long time since I did it, but I think you remove the Management Center for CSA 4.X in Add/Remove Programs by choosing CiscoWorks and then choosing the MC for 4.X when the initial dialog box appears.

    There may be other ways, but it's the only one I remember.

    Tom

  • Are the CSA English, Japanese, Korean, Spanish, Portuguese,

    Are the CSA English, Japanese, Korean, Spanish, Portuguese-related communities.

    I subscribe to the Portuguese community under a different pseudonym.  I used the same apple ID.

    I would like to sign for the Spanish community.  Should I create a new alias of community? Can I use one of my two existing aliases?

    How items are dealt with between the community.  I got zero for the Portuguese forum.

    I should have gotten the details before.

    R

    You can use the same user name and the ID in all Forums. All Forums are separated. You may only transfer your points for a limited time when Forums began. Points and badges due in a Forum see on another Forum.

    Please stop in the 'RE-CSA Forum. We need the talents of high level like you to help the homegrown talent get the Forum going. Furthermore, I feel alone.

    I am so proud.

  • Where can I get the CSA Profiler?

    Could someone tell me where I can get the trial version of the CSA Profiler? I'm not in the download page.

    Thank you

    Nitass

    The profiler/analysis generator is included in the download of the software; just install the trial license for it.

    Tom

  • What is the default action of the CSA?

    Hi all

    I'm a newcomer to the CSA. I have a few questions as follows. Could you please clarify it for me?

    1. If none of the rules match the event, what action will take place? Allow or deny?

    2. If the first answer is allow, how can it protect the system from a zero-day attack?

    Thank you very much

    Nitass

    Nitass,

    You are right that if no rules are triggered, CSA does not interfere with the application. But to answer the second half of your original question, CSA protects against zero-day attacks by monitoring behavior rather than signatures. In other words, it doesn't matter what the attack code looks like, no matter what it does. For example, if you get attacked by a new virus, there will not be a signature for your anti-virus software to detect. But if it tries to install a copy on your computer, or tries to install a rootkit, or opens a port for listening, or scans for other vulnerable hosts, CSA detects these actions and blocks them.

  • [Cisco ACS 5.2] Disk partitions used by ACS View?

    Hi (and happy new year)

    In Cisco ACS 5.2, there are several disk partitions:

    Which partition is used by ACS View?

    Does a document that explains the function of all the partitions exist?

    Kind regards

    Patrick

    Patrick,

    I'm not aware of a document that explains all the ACS 5.x disk partitions. However, I can assure you that the ACS View data is stored on the /opt partition.

    If you have an ACS 5.x on a production network, one of the requirements is to install using a 500 GB hard disk. A 500 GB ACS reserves 347 GB for the /opt folder because it stores the ACS View information (reports and logs). It is the largest partition, as ACS View data includes all the ACS reports.

    I hope this helps.

    Kind regards.

  • General question about the csa

    Hello

    Does CSA cover buffer overflows with all applications?

    Thank you

    Lisa G

    Hi Lisa,

    AFAIK CSA sees all buffer overflows if you have an active state and you do not have an exception for an application.

    I have had buffer overflow messages from a bunch of applications and made exceptions for about 40.

    HTH

    Tom

  • RDP for the CSA MC using the user state

    I'm trying to enable remote access for an administrator to the MC via RDP. The rule that is triggered, which denies this action, is #262. Is there a way to allow RDP access to the box based on user state? The admin group is part of a DHCP pool, so I can't nail it down to just its address. The documentation is not very clear on the application of user states.

    Sorry for the long answer... I hope this helps...

    YES, it is absolutely possible to do. Let's say your MC is in a group called "MC CSA Group". In this group, you have implemented policies. Beside policies are your rule failet etc... So what you need is to create a new policy (set it to Windows or Linux, as necessary). You then create a new rule module that you attach to the new policy that you just created.

    When you create the new rule module, you'll see a section that says "steady-state". Select the option "apply this rule module if the following status conditions are met:" and click the checkbox beside "user state:". Beside the user state selection list, click "New". Here, you will need to create a user state based on who you want to be able to RDP to the CSA MC. Give the new user state a name. Here you have a choice: you can create a specific user (i.e. if only one domain user ID must have access), or you can use a domain or local group (i.e. if the Domain Admins need to access the CSA MC via RDP). Let's say that you want to use the Active Directory group "Domain Admins": in "The corresponding to groups", enter the EXACT name of the domain group (e.g. MYDOMAIN\MYGROUP). Click Save. Select the new user state, and then save the new rule module.

    Assign the new rule module to the new policy and attach the new policy to the CSA MC group. Finally, you need to navigate to the new rule module that you created and add a NETWORK ACCESS CONTROL RULE. Create an allow rule that will allow termsrv.exe to act as a server on TCP/3389, no matter what host (you said they were on DHCP; I recommend creating a specific DHCP scope for those users, so you can lock it down as much as possible). Save the rule and generate.

  • How to turn on ACS command authorization?

    Hello

    I have ACS 4.1 for Windows!

    I am testing command authorization for a user on a Cisco 6513.

    The problem is that the switch is allowing the commands that I denied in ACS for that particular user.

    I enclose the screenshots.

    Can someone tell me what I'm missing? Should I put certain commands on the 6513 to activate ACS command authorization?

    My switch to ACS config is:

    aaa new-model
    aaa group server tacacs+ name1
     server ACSserver1
    !
    aaa authentication login default group name1 local
    aaa authentication enable default group name1 enable
    aaa authorization exec default group name1 if-authenticated
    ip http authentication aaa
    radius-server host ACSserver1
    done - no radius-server request
    radius-server key xxxxx

    You are missing these commands:

    aaa authorization commands 1 default group tacacs+ if-authenticated
    aaa authorization commands 15 default group tacacs+ if-authenticated
    aaa authorization config-commands

    Kind regards

    ~ JG

    Do rate helpful posts
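
A check for the gap identified in the answer above, as an added example that is not part of the original thread: it scans an IOS configuration for the command-authorization lines the answer names, since exec authorization alone does not send individual commands to ACS. The sample configuration is constructed from the question's config, and the function name `audit_command_authorization` is hypothetical.

```python
import re

# Constructed sample: the question's AAA config, with exec authorization only.
SAMPLE_BEFORE = """\
aaa new-model
aaa group server tacacs+ name1
 server ACSserver1
!
aaa authentication login default group name1 local
aaa authentication enable default group name1 enable
aaa authorization exec default group name1 if-authenticated
"""

# The three lines given in the answer.
FIX = """\
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa authorization config-commands
"""

REQUIRED_LEVELS = (1, 15)  # privilege levels named in the answer


def audit_command_authorization(config_text):
    """Return a list of findings; an empty list means the checks passed."""
    lines = [l.strip().lower() for l in config_text.splitlines()]
    lines = [l for l in lines if l and not l.startswith("!")]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model is not enabled")
    levels = set()
    for line in lines:
        m = re.match(r"aaa authorization commands (\d+) \S+ (.+)", line)
        # Count only method lists that consult a server group; a list made
        # of 'none' or 'local' alone never asks the AAA server.
        if m and re.search(r"\bgroup \S+", m.group(2)):
            levels.add(int(m.group(1)))
    for lvl in REQUIRED_LEVELS:
        if lvl not in levels:
            findings.append(f"no server-backed 'aaa authorization commands {lvl}' list")
    if "aaa authorization config-commands" not in lines:
        findings.append("config-mode commands are not sent for authorization")
    return findings


if __name__ == "__main__":
    for label, cfg in (("before", SAMPLE_BEFORE), ("after", SAMPLE_BEFORE + FIX)):
        print(label, audit_command_authorization(cfg) or "OK")
```
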

  • How to permanently remove it from the event log in the CSA MC

    I run the Cisco Secure Agent 4 deployed on 4 PCs. I have enabled documented logging just because it's a test environment & I wanted to see how many events it would generate. Well, last I checked CSA MC (under summary of events) it has more than 300,000 (that's right, 300,000) events recorded. I have modified the event handler and applied the new rules, but the machine is slooooow because of the more than 300,000 events. Please see the attached screenshot. How do I permanently purge the event log? I used the purge command within the CSA MC, but it removed only 10,000 events. The machine is so slow that I can do nothing about it.

    Well, I wanted to send the screenshot, but the machine is so slow I can't even attach the file. But in any case, the problem is that the summary window displays a message of more than 300,000 events & I need to permanently remove the events.

    Thank you.

    The only way I know of is to use "events" and click all events. From there, you can click or purge the events of your choice.

    Also, what are the specifications of server you use?

    I have been involved with MCs with more than 2 x what you have & this server is satisfactory product.

    Hope this helps,

    Peter

  • display data in ASC order

    Hello

    I want to display this data in ASC order, but it doesn't come out properly ordered, i.e. by the number.

    Column
    1 abc defg
    2 aer ftg
    Cheikh Tidiane 11 efg
    20 Amps efg

    I use this query
    Select f_n had order by regexp_substr(f_n,'[0-9]*',1)

    but then this comes as
    1 abc defg
    Cheikh Tidiane 11 efg
    2 aer ftg
    20 Amps efg

    I want to like

    1 abc defg
    2 aer ftg
    Cheikh Tidiane 11 efg
    20 Amps efg

    Thank you

    Hello

    user13305573 wrote:
    Thank you

    It works
    I wanted to know one thing

    If I have a column such as
    1.1.1 abc efg
    1.1.2 bdg efg

    So how can I use the query so that I can get the results in ASC order?

    I use an order by like this

    order by to_number (regexp_substr (f_n, '[0-9]+(\.[0-9]*)?', 1));

    But it sorts 1.1 and 1.2 correctly and not longer ones like 1.1.1

    That would sort '1.11' before '1.2'; this is not what you want, is it?

    I think that's what you want:

    order by  to_number (regexp_substr (f_n, '[0-9]+', 1, 1))
    ,       to_number (regexp_substr (f_n, '[0-9]+', 1, 2))
    ,       to_number (regexp_substr (f_n, '[0-9]+', 1, 3))
    

    The 4th argument to REGEXP_SUBSTR tells it which occurrence to take.

  • CSS beta to eliminate duplicates and spaces in the headers of the list of the CSA

    I use the /content to my list of discussion topics CSA box/Header for my messages contains excessive redundancy and white space. Turningtest2 has all the link on this page with /content

    Communities and categories site map

    Reduction in the header of the web pages list CSA.

    http://pastebin.com/raw/ecgF6kwg

    You don't need to make any changes when it is used with the combined css user style sheet.

    https://discussions.Apple.com/docs/doc-7501

    If you use you will be required to change one number. Find line 70 and change.

    top: -120px !important;   /* = If you want to run this with the main css, change -120px to -80px = */

    example: https://discussions.apple.com/content?filterID=following~objecttype%5Bthread%5D

    Here's what my /content list resembles a safari unmodified. We see that a discussion on the first page.  Yet, see a list of discussions is the goal of this web page.  Should focus on the satisfaction of the purpose of the page, instead of filling with a grab bag of things.

    With css changes, notice how I can see six discussions I participate instead of one. Notice, how the sidebar has been replaced by a horizontal navigation bar and I always get discussions more listed on the web page in stock.  I got rid of the icon display block without value. Everything is always present, in much less space.  I would like to make a few adjustments more to better align objects and adjust the size of the elements, but there is only what I can do with css.

    < image edited by host >

    Okie dokie...

    • I'm using Firefox 47.0.1
    • I prefer Zoom ' more a TWO' = CMD + 0 THEN CMD + 1 TWICE = text size is good, and the margins are tolerable

    See at the bottom of my list of forum "home port" (my page 20 minutes reloadEvery)

    • When I visit content like you page show
    • I simply hit 'Page Down' button only once and POOF goes the white space

    ::

    heckuvalot more easy for ME that the implementation of a CSS

    ::

  • Starting point of the CSA

    We are deploying CSA ver5.0 in our company. I read 2 books from Cisco Press but wanted to get an idea of what real companies use as their groups. We have All Windows, All Types of desktop computers, Remote or Mobile desktops, and CTA. Does anyone think this is overkill or under-protection for a starting point?

    The only problem we have encountered so far is that the IBM laptop touchpad driver is detected as an untrusted rootkit. If anyone has run into this, I'd like to hear about your solution. TAC is still working with us on this to create an exception that works.

    Thank you

    Dvergau,

    I think it may be overkill for a pilot group. That is where I hope you intend to start. You want to import a little (you decide what is a little), then slowly adjust and add. What I mean is that you need to adjust the rules that block operation. Then add a little more policy, and so on.

    Many people have several ways of doing things. Some suggest simply using the wizard for everything; many will tell you to clone all groups and modify those that don't. Cloning is a pretty smart way to keep a reference point. Yet once again, I suggest you start small and build up to the reference level.

    Regarding the rootkit, it's tough. The only way to allow rootkits is to use the wizard. The wizard will make the hashes, the application and the exception. I found a similar problem with Symantec, leaving me the only option of disabling the notification or adding hashes on the fly.

    Hope this helps. If you need any information on policy and rule creation, just ask. I'll help you as best I can.

    Kind regards

    Christopher

  • Registering a different ACS version to a Cisco ACS primary

    Hello, I upgraded the backup unit of two ACS to version 5.4.0.46.0a. First I changed it to standalone, and now I'm trying to register it to the primary ACS, which is running version 5.1.0.44.2.

    And I get this error

    This failure has occurred: com.cisco.nm.acs.im.certificate.Certificate; incompatible local class: stream classdesc serialVersionUID = 8507982043664257993, local class serialVersionUID = 1927357986028617243. Your changes have not been saved. Click OK to return to the list page.

    What can I do to solve it?

    Kind regards

    The primary and the secondary must run the same code.

    Jatin kone
    -Do rate helpful posts-

  • Organization of the CSA

    I'm looking for some tips on how to better organize the policies, the rule modules and the rules.

    Specifically, is it better to create more policies, rule modules or rules?

    Leave as much of the original setup intact as you can and create new policies > modules > rules for your exceptions.

    This will not only make it easier to manage, it will make upgrades much easier.

    Upgrades will replace the original configuration objects only if they have not been changed.

    The more that is replaced by an upgrade, the less you have to do manually.

    Having all exceptions in a single policy or set of policies should allow you to manage them more effectively too.
