Snort mailing list archives
RE: "False positive" database idea
From: "Hudak, Tyler" <Tyler.Hudak () roadway com>
Date: Tue, 23 Sep 2003 14:02:52 -0400
I really like this idea, since there are many times I see a new alert and spend a lot of time researching only to find out that it's a false positive. (Not that I don't enjoy that research...it's what makes IDS analysis fun)

But, why just do Snort signatures? Why not include Cisco, ISS, Dragon, etc. sigs as well? In the long run, I think it would make the database more useful.

Tyler