[Discussion] Content-based alert message substitution
Matt Jonkman
jonkman at jonkmans.com
Thu Feb 5 16:45:08 UTC 2009
First of Martin's ideas:
Content-based alert message substitution
I like this a lot. Being able to pull a username out of the packet and
put it in the alert. Of course this leaves a lot of opportunities for
injection attacks against the event manager, but that can be handled if
we're careful.
--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc
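
The injection concern raised in the message above, as an added example that is not part of the original post: one way to substitute captured packet content into an alert message so that the event manager only ever receives inert printable text. The `%{name}` placeholder syntax, the function names and the 64-byte cap are assumptions made for illustration; the thread does not define any of them.

```python
import re

MAX_FIELD = 64                              # assumed per-field cap, in bytes
PLACEHOLDER = re.compile(r"%\{(\w+)\}")     # hypothetical %{name} syntax
SAFE_PUNCT = "._-@"                         # punctuation passed through as-is


def encode_untrusted(raw: bytes, limit: int = MAX_FIELD) -> str:
    """Render attacker-controlled packet bytes as inert printable ASCII.

    ASCII letters, digits and SAFE_PUNCT pass through; every other byte
    (CR/LF, quotes, angle brackets, '%', the backslash itself) becomes \\xNN,
    so the value carries no line breaks, markup or quote characters into
    the event manager.
    """
    out = []
    for b in raw[:limit]:
        ch = chr(b)
        if (b < 0x80 and ch.isalnum()) or ch in SAFE_PUNCT:
            out.append(ch)
        else:
            out.append("\\x%02x" % b)
    if len(raw) > limit:
        out.append("...[truncated]")
    return "".join(out)


def render_alert(template: str, captures: dict) -> str:
    """Fill %{name} placeholders in a rule's message with encoded captures."""
    def fill(match):
        raw = captures.get(match.group(1))
        return "-" if raw is None else encode_untrusted(raw)
    # One pass over the template: substituted text is never rescanned.
    return PLACEHOLDER.sub(fill, template)


# Constructed sample: a "username" that tries to forge a second alert line.
SAMPLE = {"user": b"bob\r\nALERT root login OK"}

if __name__ == "__main__":
    print(render_alert("FTP login attempt user=%{user}", SAMPLE))
```

Encoding at substitution time keeps the alert safe for every downstream consumer; a web console or SQL-backed event manager should still apply its own output escaping and parameterized queries.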