
Rules utilisation: msg#00160

security.ids.snort.sigs

Subject: Rules utilisation

Hello,

There is something that I don't understand. I believed that
the bleeding-edge rules were made in order to test the validity
of the rules.

However, I never see that there is a mechanism that allows us to collect
experiences with bleeding-edge rules.

I give an example: Monday, an infected computer was plugged
into the internal network I am managing. This computer initiated
an IRC connection and received instructions. A dozen computers were
then infected with an unknown virus exploiting the LSA vulnerability.
Some rules have been useful in such circumstances:
the rules on LSA, the rules on IRC communication on non-standard ports,
and the RXBOT rules.

In my opinion, this kind of rule, which has proved to be useful, should
be distinguished. I don't know exactly how it is possible to do such a thing.
Perhaps a vote, or something that can summarize the worth of the rules
on at least 3 criteria:
criticality
number of positives
number of false positives


Thierry
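As an added illustration of the per-rule scoring the post proposes (this is not code from the original thread, from the bleeding-edge rule set or from the Snort project), the script below parses a few alert lines in Snort's alert_fast style, counts positives per SID, takes criticality from the rule's Priority field, subtracts analyst-reviewed false positives, and ranks the rules. Every alert line, SID, rule message, host address and false-positive verdict in it is constructed for the example.

```python
import re

# Constructed sample alerts in Snort's alert_fast style. Every SID, rule
# message, host, port and timestamp here is hypothetical.
SAMPLE_ALERTS = """\
01/17-09:02:11.120334  [**] [1:900001:3] HYPOTHETICAL LSASS exploit attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.1.1.23:1432 -> 10.1.1.40:445
01/17-09:02:13.551002  [**] [1:900001:3] HYPOTHETICAL LSASS exploit attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.1.1.23:1433 -> 10.1.1.41:445
01/17-09:01:40.220000  [**] [1:900002:1] HYPOTHETICAL IRC PRIVMSG on non-standard port [**] [Classification: A Network Trojan was Detected] [Priority: 2] {TCP} 10.1.1.23:1301 -> 198.51.100.7:8080
01/17-09:03:02.000114  [**] [1:900002:1] HYPOTHETICAL IRC PRIVMSG on non-standard port [**] [Classification: A Network Trojan was Detected] [Priority: 2] {TCP} 10.1.1.40:1044 -> 198.51.100.7:8080
01/17-09:10:17.731900  [**] [1:900002:1] HYPOTHETICAL IRC PRIVMSG on non-standard port [**] [Classification: A Network Trojan was Detected] [Priority: 2] {TCP} 10.1.1.9:2200 -> 203.0.113.5:8080
01/17-09:11:00.000001  [**] [1:900003:2] HYPOTHETICAL POLICY P2P-style keepalive [**] [Classification: Potential Corporate Privacy Violation] [Priority: 3] {UDP} 10.1.1.50:6881 -> 203.0.113.9:6881
01/17-09:11:05.000002  [**] [1:900003:2] HYPOTHETICAL POLICY P2P-style keepalive [**] [Classification: Potential Corporate Privacy Violation] [Priority: 3] {UDP} 10.1.1.51:6881 -> 203.0.113.9:6881
01/17-09:11:09.000003  [**] [1:900003:2] HYPOTHETICAL POLICY P2P-style keepalive [**] [Classification: Potential Corporate Privacy Violation] [Priority: 3] {UDP} 10.1.1.52:6881 -> 203.0.113.9:6881
"""

# Constructed analyst verdicts: sid -> number of that rule's alerts that were
# reviewed and judged to be false positives (the IRC hit from 10.1.1.9 was a
# legitimate web proxy; all three P2P keepalives were a backup agent).
FALSE_POSITIVE_VERDICTS = {900002: 1, 900003: 3}

ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\]"
    r".*?\[Priority: (?P<priority>\d+)\]"
)


def parse_alerts(text):
    """Return one dict per alert_fast line; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue
        alerts.append({
            "sid": int(m.group("sid")),
            "rev": int(m.group("rev")),
            "msg": m.group("msg"),
            "priority": int(m.group("priority")),
        })
    return alerts


def summarize_rules(alerts, false_positive_verdicts):
    """Aggregate the three criteria per SID: criticality (the rule's Snort
    priority, 1 = most critical), positives (alerts fired) and false
    positives (from the analyst verdicts), plus the derived precision."""
    summary = {}
    for a in alerts:
        entry = summary.setdefault(
            a["sid"], {"msg": a["msg"], "criticality": a["priority"], "positives": 0})
        entry["positives"] += 1
    for sid, entry in summary.items():
        fp = false_positive_verdicts.get(sid, 0)
        if fp > entry["positives"]:
            raise ValueError(f"sid {sid}: {fp} false positives but only "
                             f"{entry['positives']} alerts")
        entry["false_positives"] = fp
        entry["true_positives"] = entry["positives"] - fp
        # positives >= 1 whenever an entry exists, so the division is safe.
        entry["precision"] = entry["true_positives"] / entry["positives"]
    return summary


def rank_rules(summary):
    """Most valuable rules first: highest confirmed precision, then most
    critical (lowest priority number), then most true positives."""
    return sorted(summary, key=lambda sid: (-summary[sid]["precision"],
                                            summary[sid]["criticality"],
                                            -summary[sid]["true_positives"]))


def noisy_rules(summary, min_precision=0.5):
    """SIDs whose confirmed precision is below the threshold: candidates for
    tuning, for a lower priority, or for dropping from the deployed set."""
    return sorted(sid for sid, e in summary.items() if e["precision"] < min_precision)


def format_report(summary):
    lines = ["sid      crit  pos  fp  tp  precision  msg"]
    for sid in rank_rules(summary):
        e = summary[sid]
        lines.append(f"{sid:<8} {e['criticality']:<4} {e['positives']:<4} "
                     f"{e['false_positives']:<3} {e['true_positives']:<3} "
                     f"{e['precision']:<10.2f} {e['msg']}")
    return "\n".join(lines)


if __name__ == "__main__":
    s = summarize_rules(parse_alerts(SAMPLE_ALERTS), FALSE_POSITIVE_VERDICTS)
    print(format_report(s))
    print("noisy:", noisy_rules(s))
```

Precision is ranked ahead of criticality on purpose: a Priority 1 rule whose every alert was judged false is noise however severe the condition it nominally detects, and it is exactly the rule that should be sent back for tuning rather than promoted. The verdict dictionary is the manual part of the scheme; in practice it would be filled from whatever ticketing or review workflow the site uses.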




