[Emerging-Sigs] Case sensitivity on rules classification

Nathan nathan at packetmail.net
Thu Jun 4 15:17:52 HDT 2020


In-line,

On Fri, 5 Jun 2020 00:59:26 +0100
Tiago Faria <tiago.faria.backups at gmail.com> wrote:

> This is definitely an Elastic issue. Problem with setting stuff up
> yourself is you'll quickly drift away from standards and will have to
> do maintenance on stuff that is supported by default.

Ah, dang. :)  This is the world I live in and love, otherwise we'd all
use Gmail and not worry about running our own mailservers.  The
standards, more often than not, are completely wrong.  That said, I abuse
GNU coreutils heavily :)

> Obviously transferring that responsibility to someone else isn't the
> goal either so if ET had a reason not to be committed to the names in
> the long run, and made frequent changes to them, I'd run that
> ingestion pipeline myself. Since it's not frequently changed I think
> it's easier to have that Elasticsearch "limitation" and keep an eye
> out for changes to the classification file.

Concur and agree.  In this day and age if we can still have "config
classification: kickass-porn,score! get the lotion!,1" you don't have
to worry about change too much.  Of course now that I've pointed
this out prepare for a random social media someone who is perpetually
offended to raise a fuss.  :)

Cheers,
Nathan

