In Aanval, Snort and Suricata signatures are managed in a dedicated Signature Management display that is accessed through the Policy display. Select a policy, then select the Signatures button.
Once you have created a new policy and successfully imported events into the console (either from a sensor or from a signature downloads package), you can manage these signatures in an extremely efficient and simple interface.
The interface is divided into two primary sections: signature classes on the left side, and the signatures of the selected classes on the right side.
You may limit the results in either section using the search / filter input box, and you can Enable or Disable specific signatures by clicking the applicable Enable or Disable button. Alternatively, Aanval provides several buttons at the bottom of the interface that allow a user to Toggle All, Enable All or Disable All selected / filtered signatures.
A total of Enabled Signatures is provided at the top of the interface.
Changes to signatures are automatically saved for the selected policy, but do not get pushed out to sensors until the Update Sensors button is clicked.
Users may create new signatures in Aanval: click the Create Signature button, and a simple interface is provided with the appropriate signature fields.
Editing signatures is similar to creating them: selecting the Details button of any signature provides access to an Edit button.
Deleting a signature is simple, and permanent. From the details view of any signature, clicking the Delete button will permanently remove a signature from the system.
Any and all changes to signatures for the selected policy do not automatically get pushed to any sensors unless the Update Sensors button is clicked. Once clicked, all sensors assigned to the selected policy will begin downloading the new signature changes. This could take up to 5 minutes, depending on how many signatures are enabled in your policy.
You can check the status of the process by visiting the Sensor display and selecting the Manage option to view the queued SMT message history / activity.