[Snort-users] Tuning snort for false positives.

Joel Esler (jesler) jesler at cisco.com
Wed Jan 3 14:56:23 EST 2018


There are all kinds of methods for tuning Snort. That being said, if you believe that 90% of your alerts are false positives, it would probably be beneficial to report those false positives to the rule writers.

Instructions to file a false positive report: Submit a False Positive <http://blog.snort.org/2016/11/reporting-false-positives-with-snortorg.html>.


--
Joel Esler | Talos: Manager | jesler at cisco.com






On Jan 3, 2018, at 2:23 PM, fatema bannatwala via Snort-users <snort-users at lists.snort.org> wrote:

Most of the time almost 90% of the alerts result in false positive, and is kind of time consuming
