Re: [RFC] programmatic IDS routing
On Wednesday 19 March 2008 13:12:22 Linda Knippers wrote:
Rather than using the key for two purposes and introducing special
key
words, couldn't an admin just tell the IDS which he's are of interest?
And what the priority of each one is?
The problem is that you can tell the IDS that you want any reads
of /opt/my-secrets, but unless you have a matching audit rule you will not
get any records. This allows you to make sure you have a watch paired with
its meaning.
-Steve