[Snort-users] philosophical question

Eduard San Anselmo esananselmo at ...6002...
Wed Jul 31 07:47:17 EDT 2002


I've just installed snort and everything seems to work fine. Too fine, I 
would say: my sensor is informing of many alerts that aren't so, I mean, 
there are lots of false positives that I'm supposed to tune. That's my 
question: what does tuning mean? The way I see it is that I have to look 
at the alerts and change some things in the rules that triggered those 
alerts, so they won't bother me again. Is that a good point of view?
Thank you.





More information about the Snort-users mailing list