[Snort-users] False positives and false negatives
bernat at ...14066...
Sat Feb 10 14:04:50 EST 2007
OoO In the early evening of Saturday, February 10, 2007, around 17:28,
maged shaker <maged.shaker at ...14064...> said:
> How can I reduce the false positive alerts generated by an IDS?
> Which additional tool or plug-in can do that? They are a problem
> because they create alert noise that can hide a real attack. What
> additional tool can do that?
> How can I detect a false negative, a "real attack" that was missed by
> the IDS?
You can use a tool like OSSEC. Or a tool like Sguil.
Keep it right when you make it faster.
- The Elements of Programming Style (Kernighan & Plauger)