[Snort-users] How can I recognize rules with high false positive rate?
This is a discussion on [Snort-users] How can I recognize rules with high false positive rate? within the Snort forums, part of the System Security and Security Related category; Hi. In my network low false possitive rate is very more important than low false negative rate. I need some ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
06-17-2004
|
|||
|
|||
[Snort-users] How can I recognize rules with high false positive rate?
Hi.
In my network low false possitive rate is very more important than low false negative rate. I need some way to classify Snort rules to "high false positive" and "low false positive" categories. Does Snort rules' "priority" and "classtype" indicate their false positive/negative rates? If yes, how? If no, how can I know their false positive rate? Thanks in advance. -- Ali Zand ------------------------------------------------------- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
