I wanted to start a thread in the "CSC Ideas" area based on another thread started in the "Security > IPS-IDS" forum. The original thread was for a "Feature Suggestion" regarding sharing custom signatures for the IPS-IDS devices:
would be cool to see a repository of custom IPS signatures end users have created and want to share with the community.
Such as how Cisco does with EEM scripts.
Agreed. I think it would be interesting to see how others configure custom signatures from scratch, especially with any explanations behind their thought process, techniques, etc.
It might not be exactly what you're looking for, but users do have the ability to create documents in this forum. You can create a new document, and use that to walk-through a complete custom signature. If there were enough of them, it might be worth moving them into their own area of the forum.
What I would also find useful is shared information on how other people have TUNED their signatures.
I've started tracking my own tuned signatures, including notes on why it was tuned, any references, related signatures, documents, etc. This is primarily for internal use, but I'm looking forward to sharing a modified version of that same information in the future.
Or, how about some version of the SIO signature database that permitted user commenting/contributions? After all, a threaded forum isn't always the best format for long-term collaboration and reference. The current format for the SIO reference is useful and informative, but isn't collaborative at all (by design, of course).
I'm sure there are community members willing and able to contribute to improving/expanding the reference data therein.