[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISSForum] Attack Policy Best Practice



Hi All,
 
Quick question on creating (or 'deriving new') policy from ISS's default 'Attack Detector' policy.  What are the recommended signatures to configure RSKILLS for to protect the internal network with a version 7 network sensor? Or do I have to go through the whole list and either guess at which ones I should be protected from or do I go through the present analysis and whatever tag names show up I configure the policy to send RSKILLS to.  The latter seems a little backwards,  as in configuring the protection AFTER the attack....Sorry if this is a dumb question OR the wrong place to ask this question but I am new with the ISS IDS.

Thanks in advance!
 
Michael