[Discussion] OISF suggestions

Victor Julien lists at inliniac.net
Wed Feb 11 09:16:14 UTC 2009


Josh Smith wrote:
> I think the administrator should have the ability to sign alerts
> created by the OISF engine with PGP.  The administrator could use the
> private/public key model so they would be able to tell if the alerts
> had been spoofed or altered.

I think this is a good suggestion; however, I think it should not be part
of the engine itself. I think for alerting we want a setup similar to
Snort's unified->barnyard and I think the PGP stuff can be done in the
barnyard replacement... make sense?

Cheers,
Victor

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------



