[Snort-users] False positives and false negatives

Vincent Bernat bernat at ...14066...
Sat Feb 10 14:04:50 EST 2007


OoO In the early evening of Saturday, February 10, 2007, around 17:28,
maged shaker <maged.shaker at ...14064...> said:

> How can I reduce the false positive alerts generated by an IDS?
> Which additional tool or plug-in can do that? There are problems
> because they create alert noise that can hide a real attack. What
> additional tool can do that?
> How can I detect the false negative, the "real attack" that was missed by
> the IDS?

You can use a tool like OSSEC. Or a tool like Sguil.
-- 
Keep it right when you make it faster.
            - The Elements of Programming Style (Kernighan & Plauger)



