[Emerging-Sigs] priority level

David Glosser david.glosser at gmail.com
Fri Jan 23 13:57:20 EST 2009


I know you don't, and I just wondering if anyone has... if there are any
"best practices" on this, and  which rules  would one set to a higher
priority (ie paged in the middle of the night vs reading a report during the
day)... Thanks...


On Fri, Jan 23, 2009 at 1:33 PM, Matt Jonkman <jonkman at jonkmans.com> wrote:

> Hey David. Generally we don't have priorities in our rules, thats
> something you can set locally if your event manager works on them.
>
> I'll get those two removed, thanks!
>
> Matt
>
> David Glosser wrote:
> > Looks like only one or two ET rules have priority levels associated with
> > them....
> >
> > Is there a list of suggested priorities for the ET rules to be changed
> > via oinkmaster or something?
> >
> > For example, a higher priority for new C&C or "0day" rules.....
> >
> > Thanks
> >
> >
> >
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Emerging-sigs mailing list
> > Emerging-sigs at emergingthreats.net
> > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> --
> --------------------------------------------
> Matthew Jonkman
> Emerging Threats
> Phone 765-429-0398
> Fax 312-264-0205
> http://www.emergingthreats.net
> --------------------------------------------
>
> PGP: http://www.jonkmans.com/mattjonkman.asc
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20090123/54abae52/attachment.html


More information about the Emerging-sigs mailing list