[Emerging-Sigs] priority level

David Glosser david.glosser at gmail.com
Fri Jan 23 20:28:04 EST 2009


OK, you caught me :)

Sounds more and more like the logic of a "pageable event" needs to be done
after the snort rule is processed....

But are there any "WTF" rules (like maybe downadup) which you'd want a
higher priority from the beginning?



On Fri, Jan 23, 2009 at 6:57 PM, Frank Knobbe <frank at knobbe.us> wrote:

> On Fri, 2009-01-23 at 14:47 -0500, David Glosser wrote:
> > - so maybe I would get paged if a downadup/conficker rule gets tripped
> > on a server network
> > - but not get a page on a World of Warcraft rule from an end user
>
> What about a World of Warcraft rule from your server segment? Surely it

doesn't have the same low priority then WoW from a user segment :)
>
> -Frank
>
>
>
> --
> It is said that the Internet is a public utility. As such, it is best
> compared to a sewer. A big, fat pipe with a bunch of crap sloshing
> against your ports.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20090123/d15725d7/attachment.html


More information about the Emerging-sigs mailing list