Hi,

On Wed, 2010-06-23 at 18:14 -0500, Martin Holste wrote:
> Currently, there's not a community repository for pattern-db, but I believe Balabit is hoping to have one. That said, it does not sound like you need to use it for what you're trying to do. The value of pattern-db is in fine-tuned classification and also parsing fields out of the bodies of messages. For instance, here's a pattern I use to parse the basic fields in a Snort IDS log message:
There's progress on our patterndb front, but that seems to be slow, as we originally planned to come forward with a shiny web interface. However, I'm starting to think that simply creating a "best-practice" policy document and putting user-contributed patterns into a version controlled directory would give us tremendous value, even without the web interface.

So this is what I'm going to do:

* draft this patterndb policy document
* create a git repository
* create a daily snapshot of the set of "verified" patterns
* ask anyone who has patterns to contribute their patterns (we do too)

The policy document would be an important part of that, since a consistent naming policy would be very important to create a maintainable database.

-- 
Bazsi
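To illustrate what Martin's message means by classification plus field extraction, here is an added example that is not part of the thread and not syslog-ng's own code: a small Python re-implementation of the patterndb parser-token syntax (`@NUMBER:name@`, `@IPv4:name@`, `@ESTRING:name:delimiter@`, `@ANYSTRING:name@`, with `@@` as a literal `@`), applied to a constructed Snort-style alert body. The pattern, the rule classes and the sample messages are all assumptions made up for the demonstration; the real patterndb matcher uses a radix tree and supports more parser types, but the matching semantics shown here (literal text must match exactly, ESTRING consumes its delimiter, the whole message must be consumed) follow the documented behaviour.

```python
import re
from typing import Dict, List, Optional, Tuple

# Simplified re-implementation of syslog-ng patterndb parser tokens.
# Assumption: this is an illustrative clone of the documented
# @PARSER:name[:argument]@ syntax, not syslog-ng's own matcher.
NUMBER_RE = re.compile(r"\d+")
IPV4_RE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")

Token = Tuple[str, str, str, str]  # (kind, literal-or-parser-type, name, argument)


def tokenize(pattern: str) -> List[Token]:
    """Split a pattern into literal text and @PARSER:name:arg@ tokens."""
    tokens: List[Token] = []
    literal = ""
    i = 0
    while i < len(pattern):
        if pattern[i] != "@":
            literal += pattern[i]
            i += 1
            continue
        if pattern.startswith("@@", i):      # '@@' escapes a literal '@'
            literal += "@"
            i += 2
            continue
        end = pattern.find("@", i + 1)
        if end < 0:
            raise ValueError("unterminated parser token in pattern")
        if literal:
            tokens.append(("lit", literal, "", ""))
            literal = ""
        ptype, _, rest = pattern[i + 1:end].partition(":")
        name, _, arg = rest.partition(":")  # arg may itself contain ':'
        tokens.append(("parser", ptype, name, arg))
        i = end + 1
    if literal:
        tokens.append(("lit", literal, "", ""))
    return tokens


def match(pattern: str, message: str) -> Optional[Dict[str, str]]:
    """Return the extracted fields if the whole message matches, else None."""
    fields: Dict[str, str] = {}
    pos = 0
    for kind, value, name, arg in tokenize(pattern):
        if kind == "lit":
            if not message.startswith(value, pos):
                return None
            pos += len(value)
        elif value == "ESTRING":               # text up to, and consuming, the delimiter
            end = message.find(arg, pos)
            if end < 0:
                return None
            fields[name] = message[pos:end]
            pos = end + len(arg)
        elif value == "ANYSTRING":             # the rest of the message
            fields[name] = message[pos:]
            pos = len(message)
        elif value in ("NUMBER", "IPv4"):
            m = (NUMBER_RE if value == "NUMBER" else IPV4_RE).match(message, pos)
            if not m:
                return None
            fields[name] = m.group(0)
            pos = m.end()
        else:
            raise ValueError(f"unsupported parser type {value}")
    return fields if pos == len(message) else None


# Constructed rules: (pattern, class assigned on match). The Snort body layout
# and class names are assumptions for this example.
RULES = [
    ("[@NUMBER:gid@:@NUMBER:sid@:@NUMBER:rev@] @ESTRING:msg: [Classification: @"
     "@ESTRING:class:]@ [Priority: @NUMBER:priority@] {@ESTRING:proto:}@ "
     "@IPv4:src_ip@:@NUMBER:src_port@ -> @IPv4:dst_ip@:@NUMBER:dst_port@",
     "violation"),
    ("Initializing daemon mode@ANYSTRING:rest@", "system"),
]


def classify(message: str) -> Tuple[str, Dict[str, str]]:
    """Apply the rules in order; unmatched messages get class 'unknown'."""
    for pattern, cls in RULES:
        fields = match(pattern, message)
        if fields is not None:
            return cls, fields
    return "unknown", {}


# Constructed sample message bodies (not real alerts).
SAMPLE_ALERT = ("[1:2008578:3] ET SCAN Sipvicious Scan [Classification: Attempted "
                "Information Leak] [Priority: 2] {UDP} 10.0.0.5:5060 -> 192.168.1.10:5060")
SAMPLE_OTHER = "Something patterndb has no rule for"

if __name__ == "__main__":
    for body in (SAMPLE_ALERT, SAMPLE_OTHER):
        print(classify(body))
```

Every field the pattern names becomes a key in the returned dictionary, so a Snort alert body turns into `sid`, `src_ip`, `dst_port` and so on that a log pipeline can index or alert on, while anything no rule covers falls through to `unknown`, which is the set worth reviewing when maintaining a pattern collection.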