Snort mailing list archives
Re: philosophical question
From: Marco Aurelio Valtas Cunha <mavcunha () bit fmrp usp br>
Date: Wed, 31 Jul 2002 11:33:07 -0400
Yeah, that's a good point of view, but tunning means more like "know what is the data in your network, then update only the rules that apply to it." It's better have false positives than miss real alerts.
Marco. Eduard San Anselmo wrote:
I've just installed snort and everything seems to work fine. Too fine, I would say: my sensor is informing of many alerts that aren't so, I mean, there are lots of false positives that I'm supposed to tune. That's my question: what does tuning mean? The way I see it is that I have to look at the alerts and change some things in the rules that triggered those alerts, so they won't bother me again. Is that a good point of view?Thank you. ------------------------------------------------------- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- ############################################################## # Atenção meu email mudou para mavcunha () bit fmrp usp br # # Veja porque http://scarecrow.fmrp.usp.br/~mavcunha/public # # Attention my email changed to mavcunha () bit fmrp usp br # # See why here http://scarecrow.fmrp.usp.br/~mavcunha/public # ############################################################## Marco Aurélio Valtas Cunha Laboratório de Bioinformática Hemocentro de Ribeirão Preto Faculdade de Medicina de Ribeirão Preto Universidade de São Paulo Tel 55 16 3963-9300 R: 9603 homepage http://bit.fmrp.usp.br email: mavcunha () bit fmrp usp br ------------------------------------------------------- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- philosophical question Eduard San Anselmo (Jul 31)
- Re: philosophical question Marco Aurelio Valtas Cunha (Jul 31)
- RE: philosophical question RR (Jul 31)
- <Possible follow-ups>
- RE: philosophical question McCammon, Keith (Jul 31)