Snort mailing list archives

RE: philosophical question


From: "McCammon, Keith" <Keith.McCammon () eadvancemed com>
Date: Wed, 31 Jul 2002 10:59:10 -0400

Correct. You need to examine what you believe to be FP, and adjust your rules files accordingly. The popular method is to pass on the sig in local.rules or the like, or write BPF statements to correct the issue.

-----Original Message-----
From: Eduard San Anselmo [mailto:esananselmo () albasoft com]
Sent: Wednesday, July 31, 2002 11:00 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] philosophical question


I've just installed snort and everything seems to work fine. Too fine, I would say: my sensor is informing of many alerts that aren't so, I mean, there are lots of false positives that I'm supposed to tune. That's my question: what does tuning mean? The way I see it is that I have to look at the alerts and change some things in the rules that triggered those alerts, so they won't bother me again. Is that a good point of view?

Thank you.



-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
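
The two tuning methods named in the reply, sketched as an added example that is not part of either message. It assumes a Snort release of that period; the host address, the message text and the /etc/snort path are constructed for illustration.

```conf
# local.rules (added example; addresses and message text are constructed)
# Assumption: 192.0.2.10 is an internal monitoring host whose health checks
# keep triggering a web signature against the servers in $HTTP_SERVERS.

# Narrow pass rule: only this source, only this destination and port.
pass tcp 192.0.2.10 any -> $HTTP_SERVERS 80 (msg:"LOCAL pass monitoring host health checks";)

# Too broad: this would also hide real attacks from any host to the web servers.
# pass tcp any any -> $HTTP_SERVERS 80

# snort.conf: load the local file alongside the stock rule files.
include local.rules

# Command lines (shown as comments because this is a rules file):
#   snort -o -c /etc/snort/snort.conf
#     -o changes the rule testing order so pass rules are checked before
#     alert rules; without it the alert rule fires first.
#   snort -c /etc/snort/snort.conf 'not host 192.0.2.10'
#     BPF alternative: packets to or from the host are filtered out at
#     capture time and never reach the detection engine.
```

The pass rule keeps the signature active for every other source, while the BPF filter removes the host from inspection entirely, so the pass rule is the narrower of the two.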




