I don't get it. How do signatures get their status (detection only or also prevention)?
Do the vendors release the signatures with this marked in the signature or does the SOC team need to read the signatures and decide one by one how to deploy them for each device? ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
