IDS mailing list archives
RE: Tuning false positives - SIM is not the answer
From: Ron Gula <rgula () tenablesecurity com>
Date: Fri, 13 Jan 2006 18:58:31 -0500
At 05:37 PM 1/13/2006, Mike Owen wrote:
On 1/13/06, Matthew Caldwell <mcaldwel () micromuse com> wrote: > You could always solicit to have the source for the Linux/GNU/GPL'ed > apps to be published from Cisco. Linksys had the same problem because > they could have modified the code. The same thing could be applied from > another perspective for other products out on the market. > > Matt That wouldn't work. The only GPL code on there is RedHat 7.2, the source of which is available. Everything else is Cisco/Protego IP, which they are under no obligation to release.
There is always the Nessus 2 code as well.Ron
------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
------------------------------------------------------------------------
Current thread:
- Re: Tuning false positives - SIM is not the answer, (continued)
- Re: Tuning false positives - SIM is not the answer Jason (Jan 11)
- Re: Tuning false positives - SIM is not the answer Brent Stackhouse (Jan 12)
- Re: Tuning false positives - SIM is not the answer Jason (Jan 11)
- Re: Tuning false positives - SIM is not the answer Brent Stackhouse (Jan 10)
- Re: Tuning false positives - SIM is not the answer Jason (Jan 11)
- Re: Tuning false positives - SIM is not the answer Brent Stackhouse (Jan 11)
- RE: Tuning false positives - SIM is not the answer Bruce Young (Jan 15)
- Message not available
- RE: Tuning false positives - SIM is not the answer Ron Gula (Jan 16)