IDS question

["Joubert Berger" <joubert () berger-family org>]

I got such a great response from you guys last time on my question about
Tripwire competitors (Thanks everyone who responded -- it really helped),
that I am going to ask some more questions and get people's opinions.  Some
of these questions might be very open-ended, but I am trying to get a feel
for things.  Any insight would be greatly appreciated.

How much effort is required to tune and maintain your IDS configuration?

What rate of false positives does your IDS produce?  Are false positives
problematic for you?  

What are the main categories of false positives that occur in your
environment?

What are the significant shortcomings (if any) that you experience with your
IDS?

No need to mention vendors if you are not comfortable.  I am starting my
evaluation of IDS and would like to know what kind of things to look for.

Many thanks in advance.

--joubert


---------------------------------------------------------------------------
---------------------------------------------------------------------------