Multiple updates? problem with panel?

[imadsani]

Hey,

I've been noticing a lot of updates rolling in since upgrading to 4.0, I'm curious, is this happening with everyone else or is the panel at my end malfunctioning?

Updated the panel twice this morning and now I see more updates.

Multiple updates seen for

• Malware Detection Engine
  Intrusion Detection System / Intrusion Prevention System
  Web Application Firewall

Update:

Clicked on update ad this is what I get

Code: Select all

Checking versions ...
  ASL version is current: 	PASS
  APPINV rules are current: 201402101531	PASS
  CLAMAV rules are current: 201403231352	PASS
  GEOMAP rules are current: 201403231317	PASS
  MODSEC rules are current: 201403231319	PASS
  OSSEC rules are current: 201403231543	PASS
Generating report ...
Finished
Done.

Btw, I've disabled automatic updates

[scott]

We do release updates for various modules many times a day, its not particularly unusual. You can see the live stream of different changes on our twitter feed here:

https://twitter.com/atomicorp

[imadsani]

thanks for that, the new version upped the paranoia

[scott]

We did add a bunch of new feeds in there with 4.0, and we tried to make it clearer on what kinds of updates were being applied (or not) by Aum.

The analysis component is also vastly improved, and that is also part of the update. If you recall in ASL 3 we had a large database set that would routinely need to be purged, and could cause performance problems. The new design completely gets rid of that requirement, and part of that you'll see in the updater phase as it loads some of our new analysis modules.

To see what I mean, go into ASL Web, and click on an IP in the event viewer. You'll see the history of all the attacks from that IP pop up very quickly, its country of origin, histogram charts, rules triggered, etc. Its a great way to ID hosts that are worthy of the ban-hammer.