Update the PT ISTI expert database

To process traffic, create events, and detect incidents, PT ISIM View Sensor uses a special Positive Technologies Industrial Security Threat Indicators (PT ISTI) expert database issued as the ptisim-rules package. If changes are made to PT ISTI (for example, rules for analyzing a new protocol or detecting new incidents and violations are added, or an error in existing rules is fixed), you can update the package separately from the rest of the product.

You can update the PT ISTI database on a single node or on multiple nodes at once. Use PT ISIM Overview Center to centrally update the database on all sensors in the hierarchy that are connected directly or via other Overview Center nodes. Package versions later than the current version are available for installation.

The PT ISTI database version must match the sensor version. For example, you cannot install the PT ISTI expert database version 5.1 on a PT ISIM 4.5 node. You must first update the PT ISIM node to version 5.1.

Each PT ISTI database update package includes all previous changes, so there's no need to install all updates in sequence, you just need to install the latest version.