[Snort-users] philosophical question

Marco Aurelio Valtas Cunha mavcunha at ...6497...
Wed Jul 31 08:34:03 EDT 2002


Yeah, that's a good point of view, but tuning means more like "know 
what is the data in your network, then update only the rules that apply 
to it." It's better to have false positives than miss real alerts.

Marco.

Eduard San Anselmo wrote:
> I've just installed snort and everything seems to work fine. Too fine, I 
> would say: my sensor is informing of many alerts that aren't so, I mean, 
> there are lots of false positives that I'm supposed to tune. That's my 
> question: what does tuning mean? The way I see it is that I have to look 
> at the alerts and change some things in the rules that triggered those 
> alerts, so they won't bother me again. Is that a good point of view?
> Thank you.


-- 
##############################################################
# Attention my email changed to mavcunha at ...6497...     #
# See why here http://scarecrow.fmrp.usp.br/~mavcunha/public #
##############################################################
Marco Aurélio Valtas Cunha
Laboratório de Bioinformática
Hemocentro de Ribeirão Preto
Faculdade de Medicina de Ribeirão Preto
Universidade de São Paulo
Tel 55 16 3963-9300 R: 9603
homepage http://bit.fmrp.usp.br
email: mavcunha at ...6497...




