On Wed, 19 Mar 2008 13:02:48 EDT, Steve Grubb said:
files. In order for the IDS system to be able to distinguish an open of a
watched file from an open of a *special* watched file that an alert should be
sent for, I'd like to propose a standard way of alerting the IDS that this
record needs additional scrutiny.

Why do we need special handling for something the IDS should be able to do for
itself? If your IDS system doesn't already have a copy of the list of "special"
watched files, you have *bigger* problems.