Database Signing

DETECT has always tracked database revisions – you can see the list of revisions in the database directory at any time. As of version 2.36.22.0, the software also verifies database changes to ensure that any changes were intended. These protections are in place to prevent any malicious database manipulation, accidental editing, and to ensure that the system is running a consistent version of the database.

In the database directory, there is a new subdirectory called VMSData. This is where the verified, or “signed,” files are saved. This is a protected folder and these files cannot be edited, and are the files that the system is accessing for use.

Each database revision file is now assigned a unique GUID and a revision number, as well as an Approved User GUID and date that indicates which user made the most recent change, and when.

Note: The unsigned database files are still available, and still editable, although this is not a recommended practice.

When a change is made to a database, all logged-in users will receive a popup notification requesting that they log out and log back in to enact the change.

If an administrator is logged in when a change is made, they will be given the opportunity to verify the unsigned database manually using the menu located at Administrator > Edit > Manual Accept Change.

The approval form can be reviewed. Click OK to accept the new database.