Hi all,
I just wanna clarify: does the backdoor event engine (which does all
the signature detection) eventually invoke the corresponding event
engine and the Analyser?
For example, let me take SSH: when the ssh packet is received through
libpcap, the backdoor event engine will be the one which handles the
packet first and, based on the signatures, invokes the ssh event
engine, and the ssh event engine invokes the Policy scripts which
contain the event handlers/analysers, and finally log the data to the
file.
Please correct me if my understanding is wrong.
Thanks,
Anand