Downloading Stormshield updates

Stormshield regularly provides:

  • New built-in security policies,

  • Updates of built-in rule sets or new rule sets,

  • Yara resources,

  • IoC resources.

These resources can be found on the Stormshield public server or on a local server of your choice if you work in an offline environment. For more information on how to configure customized servers, refer to the section Configuring the Stormshield update server.

You can download them at any time in your administration console separately from SES Evolution updates.

When new policies, rule sets or Yara and IoC resources are available, an indicator will appear on the icon in the upper banner of the console. Click on the icon to go to the panel in which updates are downloaded.

If you want to download resources that you do not already have, use the Install all button in the menu or the Install button in the panel to the right of each category. In this case, the new versions of resources that you already have will not be installed.

If you want to download new versions of resources that you have, use the Update all button in the menu or the Update button in the panel to the right of each category.

You must have at least the Show privilege on Policies or Resources to view the updates available in this panel.

Version release notes describe the new features in each resource. You can refer to them in a PDF file by clicking on icon to download release notes on the row of the resource, if the PDF file is on the update server.

After you download an update for rule sets that have already been deployed, a new version of the policies in question will be automatically created if you have selected Always use latest version of rule sets and there is nothing more you need to do.

After downloading Yara or IoC resources that are already used and deployed in rules, a new version of the rule sets that use these resources will be automatically created.

You can find the new Yara or IoC resources in the Security > Resources menu, under Stormshield YARA and Stormshield IOC.

You must hold Edit permissions on Policies in order to perform these operations.

Depending on user roles, you can make this panel inaccessible or display it in read-only mode, by using the Updates permission in the user panel. If you select None as the privilege, the panel in which updates are downloaded will not be visible.

For further information, refer to the section Managing users on the SES Evolution administration console.

To disable notifications when a new update is available, unselect Enable notifications at the top right side of the panel.

For more information on the resources available in this panel, refer to the sections Understanding built-in and custom security policies, Understanding built-in rule sets and Analyzing behavior on user workstations.