Hi John,

> Botnet seems to have caught that just fine (it's listed in the rules
> which were triggered). The problem is either that you're running it
> at a lower score (which you could also do for Botnet0.8 if you wanted
> to upgrade -- their default scores are exactly the same), or you need
> other rules/configs to supplement your overall scoring system.

Yes, I didn't intend to blame it on botnet; I realize the rule is being triggered. I guess I was concerned about raising the score above my current 1.5, and was thinking that instead some other rule was available, or being used by someone on the list, in conjunction with botnet to catch these.

If not, can you recommend an approach on calculating the right score for botnet for my environment, so it doesn't tag so many FPs, or what an appropriate value should be with my threshold being set to 5.0?

Thanks again,
Alex