[Snort-users] Tuning snort for false positives.
Joel Esler (jesler)
jesler at cisco.com
Wed Jan 3 14:56:23 EST 2018
There are all kinds of methods to tuning Snort. That being said, if you believe that 90% of your alerts are false positives, it would probably be beneficial to report those false positives to the rule writers.
Instructions to file a false positive report: Submit a False Positive<http://blog.snort.org/2016/11/reporting-false-positives-with-snortorg.html>.
Joel Esler | Talos: Manager | jesler at cisco.com<mailto:jesler at cisco.com>
On Jan 3, 2018, at 2:23 PM, fatema bannatwala via Snort-users <snort-users at lists.snort.org<mailto:snort-users at lists.snort.org>> wrote:
Most of the time almost 90% of the alerts result in false positive, and is kind of time consuming
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users