Snort mailing list archives
RE: Tuning snort palse positives
From: "Ron Jenkins" <rjenkins () dibr net>
Date: Sun, 9 Jan 2005 08:02:45 -0600
Just a note. Most all IDS solutions will yield false positives. The false positives will usually be high in number, especially if you are monitoring web traffic from inside to the public. If you are going to introduce an IDS solution (any type), you will need to spend time baselining your environment to trim the alert types that best serve you.

Thanks...

________________________________

From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Juan Fernandez
Sent: Sunday, January 09, 2005 4:34 AM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Tuning snort palse positives

Hi,

I wanted to ask all of you if you reached a point in snort installation in which there aren't any false positives or negative alerts. It seems that snort can't be 100% reliable and I will always receive wrong alerts....

Do any of you receive just real alerts (just alerts that indicate penetration or an attempt to penetrate the network)? I'm starting to think that snort isn't worth all the energy and hours I'm spending on it.

Thanks !!
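
Added example, not part of the original messages: one way to start the baselining mentioned in the reply is to tally alerts per signature from Snort's fast alert output and see which alert types dominate, and how much of that volume is inside-to-public traffic. The sample lines, the sids and messages, the HOME_NET range and the 50% share cut-off are all constructed assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed alert_fast-style lines (sample data, not from a real sensor).
# The sids, messages and addresses are made up for illustration.
SAMPLE = """\
01/09-04:30:01.100000  [**] [1:1000001:1] LOCAL sample outbound web rule [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.5:3301 -> 192.0.2.10:80
01/09-04:30:02.200000  [**] [1:1000001:1] LOCAL sample outbound web rule [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.5:3302 -> 192.0.2.10:80
01/09-04:31:10.300000  [**] [1:1000001:1] LOCAL sample outbound web rule [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.6:4100 -> 192.0.2.44:80
01/09-04:32:45.400000  [**] [1:1000001:1] LOCAL sample outbound web rule [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.6:4101 -> 192.0.2.44:80
01/09-04:33:00.500000  [**] [1:1000002:1] LOCAL sample inbound ssh rule [**] [Classification: Misc activity] [Priority: 2] {TCP} 198.51.100.7:50122 -> 10.0.0.20:22
01/09-04:34:12.600000  [**] [1:1000003:1] LOCAL sample icmp rule [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.1
"""

HOME_NET = ip_network("10.0.0.0/8")  # assumption: the internal address range

# [**] [gid:sid:rev] message [**] ... {PROTO} src[:port] -> dst[:port]
ALERT = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\]"
    r".*?\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?"
)

def baseline(text, home_net=HOME_NET):
    """Per (gid, sid): alert count, inside-to-public count, distinct sources."""
    stats = defaultdict(lambda: {"msg": "", "count": 0, "outbound": 0, "sources": set()})
    for line in text.splitlines():
        m = ALERT.search(line)
        if not m:
            continue  # skip lines that are not in the expected format
        s = stats[(int(m["gid"]), int(m["sid"]))]
        s["msg"] = m["msg"]
        s["count"] += 1
        s["sources"].add(m["src"])
        if ip_address(m["src"]) in home_net and ip_address(m["dst"]) not in home_net:
            s["outbound"] += 1
    return dict(stats)

def review_candidates(stats, min_share=0.5):
    """Signatures producing at least min_share of all alerts, noisiest first."""
    total = sum(s["count"] for s in stats.values())
    ranked = sorted(stats, key=lambda k: stats[k]["count"], reverse=True)
    return [k for k in ranked if total and stats[k]["count"] / total >= min_share]

if __name__ == "__main__":
    stats = baseline(SAMPLE)
    for key in review_candidates(stats):
        s = stats[key]
        print(key, s["msg"], s["count"], "alerts,", s["outbound"], "outbound,", len(s["sources"]), "sources")
```

The output is a list of signatures to look at by hand; whether a noisy rule is tuned, thresholded or kept depends on what it is telling you about your own network.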