[Snort-users] False positives

Alberto Gonzalez ag-snort at ...7149...
Mon Oct 21 21:09:03 EDT 2002


IMHO, you shouldn't just dismiss alerts as false positives; you
determine if it's a false positive by investigating.
If you have investigated before, and are still getting alerts, then you
can pretty much dismiss those (be warned).
As to your e-mail, I really don't get what you're trying to say. Snort
reports on the rules you tell it to check packets against, that simple.
The ones you define in your snort config (i.e. snort.conf).

Hope it Helps

    - Albert

Gary Verhulp wrote:

> How does one report false positives for rules?
>
> What info do you need to include?
>
> Thanks
>
> Gary
>
-- 
The secret to success is to start from scratch and keep on scratching.





