r1 - 17 Oct 2008 - 15:19:34 - MattJonkman

Scoring Thresholds

In the style of SpamAssassin, this would allow less reliable but important rules to add score to an IP's reputation instead of generating a full alert. That score would time out after a defined threshold, but if the same IP gained other points within the defined period, it would eventually generate an alert.

This would let us make much more effective use of signatures like the ones detecting hostile exe packers, plain old exe downloads, or frequency of connections to unusual apps.

-- MattJonkman - 17 Oct 2008
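
The scoring idea described above, sketched as an added example (not code from the original page or from any detection engine). The rule weights, the 100-point alert threshold, the one-hour window and all names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed weights: the page names these rule types but assigns no scores.
RULE_SCORES = {"packed_exe": 40, "exe_download": 20, "unusual_app_conn": 25}

class ReputationScorer:
    """Per-IP score that times out; alerts once the live total hits a threshold."""
    def __init__(self, alert_threshold=100, window_seconds=3600):
        self.alert_threshold = alert_threshold
        self.window_seconds = window_seconds
        self._hits = defaultdict(deque)  # ip -> deque of (timestamp, rule, points)

    def score(self, ip, now):
        """Sum of points for this IP that have not yet timed out."""
        hits = self._hits[ip]
        while hits and now - hits[0][0] >= self.window_seconds:
            hits.popleft()  # oldest hit has aged out of the window
        return sum(points for _, _, points in hits)

    def record(self, ip, rule, now):
        """Add a rule hit; return the contributing rules if an alert fires, else None."""
        self._hits[ip].append((now, rule, RULE_SCORES[rule]))
        if self.score(ip, now) < self.alert_threshold:
            return None
        evidence = [r for _, r, _ in self._hits[ip]]
        del self._hits[ip]  # reset so the same hits do not alert twice
        return evidence

def replay(events, scorer):
    """Feed time-ordered (timestamp, ip, rule) events; return the alerts raised."""
    alerts = []
    for ts, ip, rule in events:
        evidence = scorer.record(ip, rule, ts)
        if evidence:
            alerts.append((ts, ip, evidence))
    return alerts

# Constructed sample events: seconds since start, documentation-range IPs.
SAMPLE_EVENTS = [
    (0, "192.0.2.10", "exe_download"),
    (10, "198.51.100.7", "packed_exe"),
    (300, "192.0.2.10", "packed_exe"),
    (600, "192.0.2.10", "unusual_app_conn"),
    (900, "192.0.2.10", "exe_download"),       # 105 points inside one hour
    (4000, "198.51.100.7", "packed_exe"),      # earlier 40 points have timed out
    (5000, "198.51.100.7", "unusual_app_conn"),
]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS, ReputationScorer()))
```

Only the first IP alerts: four weak hits land inside one window, while the second IP's hits are spread out far enough that its earliest points expire before the total reaches the threshold.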
