[Snort-users] Tuning snort for false positives.

fatema bannatwala fatema.bannatwala at gmail.com
Wed Jan 3 15:11:57 EST 2018


Thanks Joel for the response, and sharing the link to submit FPs.

Also, I wanted to ask: if you could provide some leads in the direction of
tuning Snort, that would be helpful.


Thanks,
Fatema.

On Wed, Jan 3, 2018 at 2:56 PM, Joel Esler (jesler) <jesler at cisco.com>
wrote:

> There are all kinds of methods for tuning Snort. That being said, if you
> believe that 90% of your alerts are false positives, it would probably be
> beneficial to report those false positives to the rule writers.
>
> Instructions to file a false positive report: Submit a False Positive
> <http://blog.snort.org/2016/11/reporting-false-positives-with-snortorg.html>.
>
>
> --
> Joel Esler | Talos: Manager | jesler at cisco.com
>
> On Jan 3, 2018, at 2:23 PM, fatema bannatwala via Snort-users <
> snort-users at lists.snort.org> wrote:
>
> Most of the time, almost 90% of the alerts result in false positives, and it is
> kind of time-consuming