I think it would be useful to have a mechanism to update rules apart
from the OSSEC releases. Something like a production and beta rules
repository in which people can contribute rules. OSSEC would do a
checkout once a day from whichever repository a user wants. As new
attack are seen, someone can write a rule and get it into the beta
repository, then the development team can simply verify it and release
it to production. This would allow the HID to stay current with new
attacks (think Code Red, Slammer, etc..). Thanks.
