IDS mailing list archives
Re: Re: ISS - virtual patching
From: "David Maynor" <dmaynor () gmail com>
Date: Sat, 22 Jul 2006 09:31:51 -0400
The X-Force decides if the signature should be a blocking or an audit signature. The decision is based on a number of things like the confidence in the signature, known evasion techniques (if there are any the signature will be reworked), and from the analysis of the X-Force Advanced R&D team.

Disclaimer: Once upon a time I was in the X-Force AR&D team.

On 18 Jul 2006 11:49:21 -0000, john () nomail com <john () nomail com> wrote:
I don't get it. How do signatures get their status (detection only or also prevention)? Do the vendors release the signatures with this marked in the signature or does the SOC team need to read the signatures and decide one by one how to deploy them for each device?