On Wed, 19 Mar 2008 13:02:48 EDT, Steve Grubb said: > files. In order for the IDS system to be able to distinguish an open of a > watched file from an open of a *special* watched file that an alert should be > sent for, I'd like to propose a standard way of alerting the IDS that this > record needs additional scrutiny. Why do we need special handling for something the IDS should be able to do for itself? If your IDS system doesn't already have a copy of the list of "special" watched files, you have *bigger* problems.
Description: PGP signature