Hello,
As far as I know, many signatures manage their false positives inside their code. In my opinion, false positive management should be seen as a configuration matter and not as code modification.
It would be useful to have a unique central file to reference that information. As a consequence, that will avoid having to change the Python code. That will make it easier to manage versioning.
That could be done inside that kind of JSON file: { "mysignature": { "domains": ["domain1", "domain2"], "ips": ["IP1", "IP2"] }, "another_sig": {....
I don't really know how it can be implemented. But I will be happy to help if I can find a way.
Thank you
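
One way the central file proposed in the post above could be consumed, as an added example that is not part of the original post or of any project's code. The names `FalsePositiveList` and `filter_indicators`, the sample entries, subdomain matching, and accepting CIDR ranges under "ips" are all assumptions.

```python
import ipaddress
import json

# Constructed sample of the central file, following the layout in the post.
SAMPLE_CONFIG = """
{
  "mysignature": {"domains": ["example.com", "cdn.example.net"],
                  "ips": ["192.0.2.10", "198.51.100.0/24"]},
  "another_sig": {"domains": ["updates.example.org"], "ips": []}
}
"""

class FalsePositiveList:
    """Per-signature allowlist loaded from one JSON document (hypothetical helper)."""

    def __init__(self, text):
        raw = json.loads(text)
        if not isinstance(raw, dict):
            raise ValueError("top level must map signature name -> entry")
        self._domains, self._nets = {}, {}
        for sig, entry in raw.items():
            unknown = set(entry) - {"domains", "ips"}
            if unknown:
                # Reject typos such as "domain" so an entry is never silently ignored.
                raise ValueError(f"{sig}: unknown keys {sorted(unknown)}")
            self._domains[sig] = {d.lower().rstrip(".") for d in entry.get("domains", [])}
            # ip_network accepts both single addresses and CIDR ranges.
            self._nets[sig] = [ipaddress.ip_network(i, strict=False) for i in entry.get("ips", [])]

    def domain_ignored(self, sig, domain):
        name = domain.lower().rstrip(".")
        # Match the listed domain or a subdomain of it, never a bare string suffix
        # ("notexample.com" must not match "example.com").
        return any(name == d or name.endswith("." + d) for d in self._domains.get(sig, ()))

    def ip_ignored(self, sig, ip):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            return False  # unparsable indicator: do not suppress it
        return any(addr in net for net in self._nets.get(sig, ()))

def filter_indicators(fp, sig, domains=(), ips=()):
    """Return only the indicators the signature should still alert on."""
    return ([d for d in domains if not fp.domain_ignored(sig, d)],
            [i for i in ips if not fp.ip_ignored(sig, i)])

if __name__ == "__main__":
    fp = FalsePositiveList(SAMPLE_CONFIG)
    print(filter_indicators(fp, "mysignature", ["www.example.com", "notexample.com"],
                            ["198.51.100.7", "203.0.113.5"]))
```

Because entries are keyed by signature name, an exclusion added for one signature does not suppress the same indicator in another, and the file can be versioned and reviewed separately from the signature code.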