Daniel et al,
has any work been done to map out alert/rule/threat/attack taxonomies for OSSEC? I'm thinking something similar to what we have in the top (ok, no flames here) SIMs today?
Personally, I think this work has only started to be done on the Snort rule set (you could use the classification field as a start).
Anyhow, hope all is well with you and yours, Mike Poor
