[Emerging-Sigs] Detailed change-logs
jwilliams at emergingthreats.net
Fri Apr 17 12:41:40 HDT 2020
It can be any of those things, really whatever makes sense given the
Sometimes there is a more efficient way today to write a rule, so we update
it to be more performant based on our tests and our traffic. Sometimes we
add a content to fix a false positive or take away a content which is
causing a false negative.
Sometimes we update rules to conform to a new rule syntax; it really
depends on what needs to be done.
Hope that helps!
On Thu, Apr 16, 2020 at 9:06 PM Guilherme Afonso Galindo Padilha <gagp at cin.ufpe.br> wrote:
> Hello everyone,
> This is a continuation of last month's thread, but since it was quite a
> while ago, I thought it'd be better to start a new one. Last month you
> informed me that:
> "The most common reason for modifications (of rules) is that we simply
> learned something new about the traffic after we published it. Negating
> things that cause false positives, tightening or loosening detection logic
> based on time and observed traffic for the particular rule."
> Could you also inform me if those modifications are most commonly by
> adding more options to the rules, modifying the current ones or actually
> removing some?
> Guilherme Afonso Galindo Padilha
> Bachelor's degree in Computer Science - Undergraduate (2016.2)
> CIn - UFPE
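The kinds of edits described in the reply above (adding a negated content to remove a false positive, dropping a content that was causing a false negative, and checking the result against test traffic) can be seen end to end with a small evaluator. The following is an added example, not Emerging Threats code or a real ET rule: it implements only the `content`, `nocase`, `offset` and `depth` keywords of the Suricata/Snort rule language against a raw payload (no sticky buffers, no PCRE), and the two rule revisions, the HTTP requests and the `compare_rules` helper are all constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Toy model of a single `content` keyword and its modifiers (constructed example).
@dataclass
class Content:
    pattern: bytes
    negated: bool = False   # content:!"..."
    nocase: bool = False
    offset: int = 0
    depth: Optional[int] = None

_HEX = re.compile(rb"\|([0-9A-Fa-f ]+)\|")

def decode_content(raw: str) -> bytes:
    """Expand |hex| blocks, so "a|0d 0a|b" becomes b"a\\r\\nb"."""
    data, out, pos = raw.encode(), bytearray(), 0
    for m in _HEX.finditer(data):
        out += data[pos:m.start()] + bytes.fromhex(m.group(1).decode())
        pos = m.end()
    return bytes(out + data[pos:])

def split_options(body: str) -> List[str]:
    """Split a rule body on ';' while respecting double-quoted strings."""
    opts, cur, in_quote = [], [], False
    for ch in body:
        if ch == '"' and (not cur or cur[-1] != "\\"):
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            opts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    tail = "".join(cur).strip()
    return opts + ([tail] if tail else [])

def parse_contents(body: str) -> List[Content]:
    """Collect content keywords; modifiers apply to the content that precedes them."""
    contents: List[Content] = []
    for opt in split_options(body):
        key, _, val = opt.partition(":")
        key, val = key.strip(), val.strip()
        if key == "content":
            negated = val.startswith("!")
            val = val.lstrip("!").strip()
            if not (val.startswith('"') and val.endswith('"')):
                raise ValueError(f"bad content value: {opt}")
            contents.append(Content(decode_content(val[1:-1]), negated=negated))
        elif key in ("nocase", "offset", "depth"):
            if not contents:
                raise ValueError(f"{key} before any content keyword")
            if key == "nocase":
                contents[-1].nocase = True
            elif key == "offset":
                contents[-1].offset = int(val)
            else:
                contents[-1].depth = int(val)
        # msg, sid, flow, http_* buffers etc. are ignored in this toy evaluator
    return contents

def content_matches(c: Content, payload: bytes) -> bool:
    """Single keyword match, ignoring negation; depth is counted from offset."""
    end = None if c.depth is None else c.offset + c.depth
    hay, needle = payload[c.offset:end], c.pattern
    if c.nocase:
        hay, needle = hay.lower(), needle.lower()
    return needle in hay

def rule_matches(body: str, payload: bytes) -> bool:
    """A rule fires when every positive content is found and every negated one is absent."""
    return all(content_matches(c, payload) != c.negated for c in parse_contents(body))

def compare_rules(old_body: str, new_body: str, corpus: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Regression check: which corpus samples change verdict between two revisions."""
    result: Dict[str, List[str]] = {"lost": [], "gained": [], "unchanged": []}
    for name, payload in corpus.items():
        before, after = rule_matches(old_body, payload), rule_matches(new_body, payload)
        bucket = "lost" if before and not after else "gained" if after and not before else "unchanged"
        result[bucket].append(name)
    return result

# Constructed test traffic (RFC 5737 documentation addresses, invented hosts and agents).
CORPUS = {
    "malware_fetch":   b"GET /files/update.exe HTTP/1.1\r\nHost: 203.0.113.7\r\nUser-Agent: Mozilla/4.0\r\n\r\n",
    "corp_updater":    b"GET /files/agent.exe HTTP/1.1\r\nHost: updates.example.com\r\nUser-Agent: CorpUpdater/2.1\r\n\r\n",
    "malware_variant": b"GET /dl/x.EXE HTTP/1.1\r\nHost: 198.51.100.9\r\nUser-Agent: Mozilla/4.0\r\n\r\n",
    "normal_page":     b"GET /index.html HTTP/1.1\r\nHost: www.example.org\r\n\r\n",
}

# Revision 1: false positive on the internal updater, false negative on the /dl/ variant.
RULE_V1 = 'content:"GET "; depth:4; content:"/files/"; content:".exe"; nocase;'
# Revision 2: drop the "/files/" content (fixes the FN), add a negated content (fixes the FP).
RULE_V2 = 'content:"GET "; depth:4; content:".exe"; nocase; content:!"User-Agent|3a 20|CorpUpdater/";'

if __name__ == "__main__":
    for name, verdicts in compare_rules(RULE_V1, RULE_V2, CORPUS).items():
        print(f"{name:>9}: {verdicts}")
```

Running it reports `lost: ['corp_updater']` and `gained: ['malware_variant']`, which is the shape of result a rule author wants to see before shipping a revision: the sample that caused the false positive no longer fires, the variant that was slipping through now does, and nothing else moved. The same diff over a larger pcap-derived corpus is the "based on our tests and our traffic" step in the reply above.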