RE: Tuning false positives

["Gary Halleen (ghalleen)" <ghalleen () cisco com>]

Joel,

Your test was of version 2.5, while we're currently on version 4.1.
There have been significant changes and improvements in the past year+.

Gary

 

-----Original Message-----
From: Joel M Snyder [mailto:Joel.Snyder () Opus1 COM] 
Sent: Thursday, December 29, 2005 8:03 AM
To: focus-ids () securityfocus com
Subject: Re: Tuning false positives

Gary Halleen (ghalleen) <ghalleen () cisco com> wrote:

> Before I catch too many flames, let me clarify that I recommend a
good  > SIM product, of which MARS is one.

Hmmm, speaking of flames... not sure that I would necessarily agree that
MARS is even a SIM product at all, depending on your definition of SIM,
but in any case rather than flame in public, I'll pitch out:

http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss506_art1043,00
.html

which is a test I did of five SIMs late last year.

jms

--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Phone: +1 520 324 0494 (voice)  +1 520 324 0495 (FAX)
jms () Opus1 COM    http://www.opus1.com/jms    Opus One

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------