Snort mailing list archives

Re: Tuning snort for false positives.

From: "Joel Esler \(jesler\) via Snort-users" <snort-users () lists snort org>
Date: Wed, 3 Jan 2018 19:56:23 +0000

There are all kinds of methods to tuning Snort.  That being said, if you believe that 90% of your alerts are false 
positives, it would probably be beneficial to report those false positives to the rule writers.

Instructions to file a false positive report: Submit a False 
Positive<http://blog.snort.org/2016/11/reporting-false-positives-with-snortorg.html>.


--
Joel Esler | Talos: Manager | jesler () cisco com<mailto:jesler () cisco com>






On Jan 3, 2018, at 2:23 PM, fatema bannatwala via Snort-users <snort-users () lists snort org<mailto:snort-users () 
lists snort org>> wrote:

Most of the time almost 90% of the alerts result in false positive, and is kind of time consuming

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Current thread:

Fwd: Tuning snort for false positives. fatema bannatwala via Snort-users (Jan 03)
- Re: Tuning snort for false positives. Joel Esler (jesler) via Snort-users (Jan 03)
  - Re: Tuning snort for false positives. fatema bannatwala via Snort-users (Jan 03)
    - Re: Tuning snort for false positives. Joel Esler (jesler) via Snort-users (Jan 03)
    - Re: Tuning snort for false positives. fatema bannatwala via Snort-users (Jan 03)
    - Re: Tuning snort for false positives. Joel Esler (jesler) via Snort-users (Jan 03)
    - Re: Tuning snort for false positives. fatema bannatwala via Snort-users (Jan 03)