IDS mailing list archives
Re: ssh and ids
From: Christian Kreibich <christian () whoop org>
Date: Thu, 24 Jun 2004 00:24:45 -0700
Hey Marty, On Tue, 2004-06-22 at 14:11, Martin Roesch wrote:
RNA doesn't just do "port profiling". The detection of a new active port/service/protocol/server/etc may indicate activity that should be analyzed by our policy compliance analysis stage on our management console (now called the Sourcefire Defense Center).
how do you let people express policies? Couldn't really find any info on that on your site (if it's in the downloadable papers -- sorry couldn't be bothered to fill in the form).
The result of this analysis can then be leveraged to provide whatever kind of response the user in interested in.
again, how do you let the user express this?
Thanks,
Christian.
--
________________________________________________________________________
http://www.cl.cam.ac.uk/~cpk25
http://www.whoop.org
---------------------------------------------------------------------------
---------------------------------------------------------------------------
Current thread:
- ssh and ids Runion Mark A FGA DOIM WEBMASTER(ctr) (Jun 18)
- Re: ssh and ids Adam Powers (Jun 21)
- Re: ssh and ids Martin Roesch (Jun 21)
- Re: ssh and ids Tony Carter (Jun 22)
- Re: ssh and ids Jason (Jun 22)
- Re: ssh and ids Adam Powers (Jun 22)
- Re: ssh and ids Martin Roesch (Jun 23)
- Re: ssh and ids Christian Kreibich (Jun 24)
- Re: ssh and ids Gary Flynn (Jun 21)
- Re: ssh and ids Frank Knobbe (Jun 22)
- Re: ssh and ids Bamm Visscher (Jun 23)
- Re: ssh and ids Frank Knobbe (Jun 23)
- Re: ssh and ids Frank Knobbe (Jun 22)
- <Possible follow-ups>
- Re: ssh and ids Ron Gula (Jun 21)
- RE: ssh and ids Wozny, Scott (US - New York) (Jun 21)
- RE: ssh and ids Omar Herrera (Jun 21)
- RE: ssh and ids Matthew F. Caldwell (Jun 22)
- RE: ssh and ids Frank Knobbe (Jun 22)
- RE: ssh and ids Peter_Schawacker (Jun 22)