This repository has been archived by the owner on Aug 31, 2018. It is now read-only.
Update
Rob edited this page Aug 14, 2014 · 1 revision
Back to The FIDO Assembly Line
After an event has been processed, the final step in the FIDO assembly line is to go back and update the detectors which did not alert initially. The premise is that if one detector was able to find something malicious on our network, why not take the artifacts used in the discovery and import them into the other detectors, thereby achieving more complete coverage? We've been working with several security vendors on this idea and we hope it becomes common practice. Currently this step is still on the drawing board, as most vendors do not provide an automated means of importing data, but we will add support for the ones which do as we are able to create modules.