IDS mailing list archives

Re: amount of alarms generated by IDS


From: "Alberto Gonzalez" <albertg () cerveau us>
Date: Mon, 3 May 2004 11:52:27 -0500 (EST)

Hello,

{ comments inline }

Hi,

I am interested in IDS products. I want to get some general idea on the
commercial IDS products. How many alarms will an IDS generate per day?

This is different on a per network basis, all depends on amount of traffic
that is received and what percentage of that are perceived to be
malicious.

How many percents of them are false positive?

Well, again this is similar to the above comment. Modern networks are so
complex, that it can be a HIGH volume in one environment, and fairly low
on others. You would have to analyze the alerts in order to determine if
it is a possible false positive. After some time and thorough understanding
of your network, you will see that this tends to get a bit easier to
identify.

I know it depends on
products, the monitor network and other factors, such as date, time etc.

Thank you for your valuable time!


Hope that helps!

Zhenwei Yu


Alberto Gonzalez

-- 
"Success comes to the person who does today, what you are thinking of
doing tomorrow."




