[Discussion] Submitted Ideas
Victor Julien
lists at inliniac.net
Thu Feb 5 06:25:10 UTC 2009
Same here, for all of them though, except the alert message substitution
and on the fly rule updates...
It all sounds very interesting... if I only knew what it meant ;-)
Regards,
Victor
Martin Holste wrote:
> Those last two need quite a bit of explanation (at least for me)...
>
> On Wed, Feb 4, 2009 at 1:33 PM, Matt Jonkman <jonkman at jonkmans.com> wrote:
>
> Martin Fong of SRI sent in a list of some very good ideas. I'll post
> them below and let's discuss a bit. I'm sure Martin can add to it as
> we go.
>
>
> - Content-based alert message substitution
> - Non-combinatoric IP/port lists
> - Cooperative event loops (e.g., libevent) to support asynch I/O
> - On-the-fly rule updates without state loss
> - Configuration file conditional preprocessor
> - Variable blackboards
> - Non-tokenized preprocessor parameter lines
>
> Thanks Martin!
>
> Matt
>
> --
> --------------------------------------------
> Matthew Jonkman
> Emerging Threats
> Phone 765-429-0398
> Fax 312-264-0205
> http://www.emergingthreats.net
> --------------------------------------------
>
> PGP: http://www.jonkmans.com/mattjonkman.asc
>
>
> _______________________________________________
> Discussion mailing list
> Discussion at openinfosecfoundation.org
> <mailto:Discussion at openinfosecfoundation.org>
> http://lists.openinfosecfoundation.org/mailman/listinfo/discussion
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------