[Snort-users] RE: "False positive" database idea

Hudak, Tyler Tyler.Hudak at ...9167...
Tue Sep 23 11:04:03 EDT 2003


I really like this idea, since there are many times I see a new alert and
spend a lot of time researching only to find out that its a false positive.
(Not that I don't enjoy that research...its what makes IDS analysis fun)
But, why just do Snort signatures?  Why not include Cisco, ISS, Dragon, etc
sigs as well?  In the long run, I think it would make the database more
useful.

Tyler


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030923/cb0dcf36/attachment.html>


More information about the Snort-users mailing list