[Emerging-Sigs] Detailed change-logs

Jason Williams jwilliams at emergingthreats.net
Fri Apr 17 12:41:40 HDT 2020


It can be any of those things, really whatever makes sense given the

Sometimes there is a more efficient way today to write a rule, so we update
it to be more performant based on our tests and our traffic. Sometimes we
add a content to fix a false positive or take away a content which is
causing a false negative.

Sometimes we update rules to conform to a new rule syntax, it really
depends on what needs to be done.

Hope that helps!


On Thu, Apr 16, 2020 at 9:06 PM Guilherme Afonso Galindo Padilha <
gagp at cin.ufpe.br> wrote:

> Hello everyone,
> This is a continuation of last month's thread, but since it was quite a
> while ago, I thought it'd be better to start a new one. Last month you
> informed me that:
> "The most common reason for modifications (of rules) is that we simply
> learned something new about the traffic after we published it. Negating
> things that cause false positives, tightening or loosening detection logic
> based on time and observed traffic for the particular rule."
> Could you also inform me if those modifications are most commonly by
> adding more options to the rules, modifying the current ones or actually
> removing some?
> Thanks,
> Guilherme
> --
> Guilherme Afonso Galindo Padilha
> Bachelor's degree in Computer Science - Undergraduate (2016.2)
> CIn - UFPE
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20200417/92b2b4ee/attachment.html>

More information about the Emerging-sigs mailing list