[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oisf-discussion
Subject:    [Discussion] OISF suggestions
From:       lists () inliniac ! net (Victor Julien)
Date:       2009-02-11 9:16:14
Message-ID: 4992975E.6060008 () inliniac ! net
[Download RAW message or body]

Josh Smith wrote:
> I think the administrator should have the ability to sign alerts
> created by the OISF engine with PGP.  The administrator could use the
> private/public key model so they would be able to tell if the alerts
> had been spoofed or altered.

I think this is a good suggestion, however I think it should not be part
of the engine itself. I think for alerting we want a setup similar to
Snort's unified->barnyard and I think the pgp stuff can be done in the
barnyard replacement... make sense?

Cheers,
Victor

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------


[prev in list] [next in list] [prev in thread] [next in thread]