Quick question on creating (or 'deriving new') policy from ISS's default 'Attack Detector' policy. What are the recommended signatures to configure RSKILLS for to protect the internal network with a version 7 network sensor? Or do I have to go through the whole list and either guess at which ones I should be protected from, or go through the present analysis and configure the policy to send RSKILLS to whatever tag names show up? The latter seems a little backwards, as in configuring the protection AFTER the attack... Sorry if this is a dumb question, but I am new with the ISS IDS.
Thanks in advance!
Michael Montgomery
Senior Consultant
Tel (work): 707-824-8800 x15
Fax: 707-824-8866
Email: mmontgomery@xxxxxxxxxxxxxxxxxx