The X-Force decides if the signature should be a blocking or an audit
signature. The decision is based on a number of things like the
confidence in the signature, known evasion techniques (if there are
any the signature will be reworked), and from the analysis of the
X-Force Advanced R&D team.

Disclaimer: Once upon a time I was in the X-Force AR&D team.

On 18 Jul 2006 11:49:21 -0000, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
I don't get it. How do signatures get their status (detection only or also 
prevention)?

Do the vendors release the signatures with this marked in the signature or does 
the SOC team need to read the signatures and decide one by one how to deploy 
them for each device?


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------


