From: Michael Boman <michael.boman@se...> - 2002-10-29 10:36:18
I was thinking, if the sensor is not known (like first time you start the
snort -T <other options>
should be issued to put the sensor in the database. I also suggest that
extractrules gets an --init option that adds the sensor to the rman sensor
Another idea is also to have a 'default' sensor that is part of a default
group that has a bunch of rules the user thinks he wants to start off with.
Basically anything that removes the catch-22 would be nice.
What do you guys think about it?
The active response hacking has been suffering from a lack of progress lately as I
got busy with other tasks. It is still on my todo list however.
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)