Snort mailing list archives

Re: Reliability of signatures


From: Martin Holste <mcholste () gmail com>
Date: Fri, 4 Feb 2011 11:56:05 -0600

> Actually this discussion is helping.  It's letting us know what you are
> interested in.


Ok, cool.

So, here's my feedback to SF/ET regarding what will help, and I'll try
to summarize the above comments to be sure I have understood them:

1. Up/down vote per gid:sid:rev my analysts can click on at the tail
end of an investigation to indicate that something's been helpful with
a way to make a note of how it was helpful.
2. Dshield/sidreporter-style automated submissions so that you guys
can see the sigs that are flagging on all kinds of FPs right off the
bat and also to get a cross-section of what IPs are flagging alerts.
3. Up/down vote for category confidence on a given gid:sid:rev.
And, I'd personally add a fourth that I feel is very important:
4. Tag suggestion for a gid:sid:rev with corresponding up/down vote
for confidence.

I personally want to see 1 and 4 implemented ASAP, and they can be
started without retrofitting to all existing signatures.  Each datum
contributed is value added.
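As an added illustration of items 1 and 4 (this is not code from the thread or from any SF/ET tooling), here is a small Python feedback store keyed by gid:sid:rev: it pulls the signature id out of a Snort fast-format alert line, records analyst up/down votes with notes and tag votes, and ranks rules by a Wilson lower bound so that a single up-vote cannot outrank a rule that has been confirmed helpful several times. The alert line, sid and votes are constructed samples.

```python
import re
from collections import defaultdict
from math import sqrt

# "[**] [gid:sid:rev] msg [**]" token of a Snort fast-format alert line.
SIG_RE = re.compile(r"\[\*\*\] \[(\d+):(\d+):(\d+)\] (.+?) \[\*\*\]")

def parse_alert(line):
    """Return ((gid, sid, rev), msg) from a fast-alert line, or None if absent."""
    m = SIG_RE.search(line)
    if not m:
        return None
    gid, sid, rev, msg = m.groups()
    return (int(gid), int(sid), int(rev)), msg

class FeedbackStore:
    """Analyst feedback keyed by gid:sid:rev: helpful votes + notes (item 1), tag votes (item 4)."""
    def __init__(self):
        self.votes = defaultdict(lambda: {"up": 0, "down": 0, "notes": []})
        self.tags = defaultdict(lambda: defaultdict(lambda: {"up": 0, "down": 0}))

    def vote(self, key, helpful, note=""):
        self.votes[key]["up" if helpful else "down"] += 1
        if note:
            self.votes[key]["notes"].append(note)

    def tag_vote(self, key, tag, agree):
        self.tags[key][tag]["up" if agree else "down"] += 1

    def confidence(self, key, z=1.96):
        """Wilson score lower bound (95%) of the helpful fraction; 0.0 with no votes.
        Small samples are penalised, so one up-vote ranks below three up-votes."""
        v = self.votes[key]
        n = v["up"] + v["down"]
        if n == 0:
            return 0.0
        p = v["up"] / n
        centre = p + z * z / (2 * n)
        spread = z * sqrt(p * (1 - p) / n + z * z / (4 * n * n))
        return round((centre - spread) / (1 + z * z / n), 4)

    def ranked(self):
        """gid:sid:rev tuples, most trusted first."""
        return sorted(self.votes, key=self.confidence, reverse=True)

# Constructed sample: one fast-alert line for a local (sid >= 1000000) rule.
SAMPLE_ALERT = ("02/04-11:56:05.123456  [**] [1:1000001:2] LOCAL constructed test rule [**] "
                "[Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.5:51234 -> 10.0.0.9:80")
```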
