[Snort-users] False positives
ag-snort at ...7149...
Mon Oct 21 21:09:03 EDT 2002
IMHO, you shouldn't just dismiss alerts as false positives, you
determine if its a false positive by investigating.
If you have investigated before, and still are getting alerts, then you
can pretty much dismiss those (be warned).
As to your e-mail, I really don't get what your trying to say. Snort
reports on the rules you tell it to check packets
against, that simple. The ones you define in your snort config. (ie
Hope it Helps
Gary Verhulp wrote:
> How does wone report false positives for rules.
> What info do you need to include.
The secret to success is to start from scratch and keep on scratching.
More information about the Snort-users