TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
We have RS 6.0 installed with 12 Nokia appliances running RS Network Sensor.
Tuesday, we started seeing the nimba worm when three specific signatures
started trapping at a much increased rate than before.
Is there some way to establish a baseline of hits, a level that we are aware
of, a level that we are logging to our database for further consideration but
which are not logging to the console nor paging us but then alert us if that
threshhold is exceeded?
For instance, if we see 50 Windows Executables signature hit daily, we want to
trap on those and analyze them as we get time but understand that we will
receive a certain amount of these daily. However, on Tuesday, we had over
50,000 hits. Is there a way to page us not before but once a threshhold is
exceeded?
Thanks
Dan Wangler, GIAC Certified Intrusion Analyst
IT Security Response Team, Texas Instruments, Inc.
Spring Creek Bldg 1, C196,
6500 Chase Oaks, Blvd, MS 8417, Plano, Texas, 85023
Tel #; 214-567-8304; Email:; [EMAIL PROTECTED]
