Snort mailing list archives

Re: False positives


From: Alberto Gonzalez <ag-snort () cerebro violating us>
Date: Tue, 22 Oct 2002 00:08:59 -0700

IMHO, you shouldn't just dismiss alerts as false positives; you determine if it's a false positive by investigating. If you have investigated before, and still are getting alerts, then you can pretty much dismiss those (be warned). As to your e-mail, I really don't get what you're trying to say. Snort reports on the rules you tell it to check packets against, that simple. The ones you define in your snort config (i.e. snort.conf).

Hope it Helps

   - Albert

Gary Verhulp wrote:

How does one report false positives for rules?

What info do you need to include?

Thanks

Gary

--
The secret to success is to start from scratch and keep on scratching.



