Snort mailing list archives

Re: False positives and false negatives

From: Vincent Bernat <bernat () luffy cx>
Date: Sat, 10 Feb 2007 20:04:50 +0100

OoO Lors de la soirée naissante du samedi 10 février 2007, vers 17:28,
maged shaker <maged.shaker () valuesys net> disait:

How can  reduce the  false positives are alerts generated by an IDS ?
which the additional tool or plug-in  can do that ,so there are problems
because they create alert noise that can hide a real attack,  and what the
additional tool can do that
How can detect the false negative  "real attack " that was missed by
the IDS ?


You can use a tool like OSSEC. Or a tool like Sguil.
-- 
Keep it right when you make it faster.
            - The Elements of Programming Style (Kernighan & Plauger)

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier.
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

False positives and false negatives maged shaker (Feb 10)
- Re: False positives and false negatives Vincent Bernat (Feb 10)
- Re: False positives and false negatives Paul Halliday (Feb 10)