Snort mailing list archives
Re: False positives and false negatives
From: Vincent Bernat <bernat () luffy cx>
Date: Sat, 10 Feb 2007 20:04:50 +0100
OoO In the early evening of Saturday 10 February 2007, around 17:28, maged shaker <maged.shaker () valuesys net> said:
How can I reduce the false positive alerts generated by an IDS? Which additional tool or plug-in can do that? They are a problem because they create alert noise that can hide a real attack, so which additional tool can do that? How can I detect the false negatives ("real attacks") that were missed by the IDS?
You can use a tool like OSSEC. Or a tool like Sguil.
--
Keep it right when you make it faster.
  - The Elements of Programming Style (Kernighan & Plauger)