[Snort-users] RE: "False positive" database idea
Tyler.Hudak at ...9167...
Tue Sep 23 11:04:03 EDT 2003
I really like this idea, since there are many times I see a new alert and
spend a lot of time researching only to find out that its a false positive.
(Not that I don't enjoy that research...its what makes IDS analysis fun)
But, why just do Snort signatures? Why not include Cisco, ISS, Dragon, etc
sigs as well? In the long run, I think it would make the database more
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users