Downloading Stormshield updates
Stormshield regularly provides:
New built-in security policies,
Updates of built-in rule sets or new rule sets,
These resources can be found on the Stormshield public server or on a local server of your choice if you work in an offline environment.
You can download them at any time in your administration console separately from SES Evolution updates.
When new policies, rule sets or Yara and IoC resources are available, an indicator will appear on the icon in the upper banner of the console. Click on the icon to go to the panel in which updates are downloaded.
If you want to download resources that you do not already have, use the Install all button in the menu or the Install button in the panel to the right of each category. In this case, the new versions of resources that you already have will not be installed.
If you want to download new versions of resources that you have, use the Update all button in the menu or the Update button in the panel to the right of each category.
You must have at least the Show privilege on Policies or Resources to view the updates available in this panel.
Version release notes describe the new features in each resource. You can refer to them in a PDF file by clicking on on the row of the resource, if the PDF file is on the update server.
After you download an update for rule sets that have already been deployed, a new version of the policies in question will be automatically created if you have selected Always use latest version of rule sets and there is nothing more you need to do.
After downloading Yara or IoC resources that are already used and deployed in rules, a new version of the rule sets that use these resources will be automatically created.
You can find the new Yara or IoC resources in the Resources menu, under Stormshield YARA and Stormshield IOC.
You must hold Edit permissions on Policies in order to perform these operations.
Depending on user roles, you can make this panel inaccessible or display it in read-only mode, by using the Updates permission in the user panel. If you select None as the privilege, the panel in which updates are downloaded will not be visible.
For further information, refer to the section Managing users on the SES Evolution administration console.
To disable notifications when a new update is available, unselect Enable notifications at the top right side of the panel.
For more information on the resources available in this panel, refer to the sections Understanding built-in and custom security policies, Understanding built-in rule sets and Analyzing behavior on user workstations.
Updates are available by default on a Stormshield public server, but you can use a server of your choice.
To configure the server:
Select the System > General menu.
Click on Edit in the upper banner.
The feature is enabled by default. If you disable it, the panel in which updates are downloaded will no longer be visible and notifications of new available updates will also be automatically disabled.
In the Update server section, select the frequency of connections to the server. Choose Never to disable automatic connection to the server. In this case, click on the Check updates button in the panel where updates are downloaded, to manually connect to the server.
Keep the Stormshield server's default address, or enter the address of a local server of your choice.
Ensure that the connection to the server functions by clicking on Check address.
The backend component sets up connections to the update server in HTTPS over TCP port 443. If there are several backend components, one of them will be chosen at random to set up the connection to the update server.