Darin Cox wrote:
Update on this rule. Hits started at ~9:20am ET. We saw 365 hits in 40 minutes before we added the rule panic, of which ~5% were FPs. We pulled it since that is a large number of FPs for a single rule. In the next 20 minutes there were another 158 hits logged, but with the rule panic in place.
Our auto-panic monitoring system also shows that many systems panicked the rule on their own.
_M ############################################################# This message is sent to you because you are subscribed to the mailing list <sniffer@sortmonster.com>. This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: <sniffer-...@sortmonster.com> To switch to the DIGEST mode, E-mail to <sniffer-dig...@sortmonster.com> To switch to the INDEX mode, E-mail to <sniffer-in...@sortmonster.com> Send administrative queries to <sniffer-requ...@sortmonster.com>
