IDS mailing list archives
Re: amount of alarms generated by IDS
From: "Andy Cuff" <talisker () securitywizardry com>
Date: Tue, 11 May 2004 10:15:00 +0100
Let's also not forget the breadth and depth of the signatures within the IDS which varies greatly between vendors, are they purely grepping or is there also an element of protocol decode in there. Tuning is the key, as is compatibility of the chosen product with both the network and the staff operating it. To answer the original question, you cannot gauge these rates ahead of time without a mass of research, best option is to place an IDS on your network and see for yourself, but make sure you try before you buy. -andy cuff Talisker Security Tools Directory http://www.securitywizardry.com ----- Original Message ----- From: "Bhargav Bhikkaji" <bbhikkaji () yahoo co in> To: <focus-ids () securityfocus com> Sent: Saturday, May 08, 2004 4:04 PM Subject: Re: amount of alarms generated by IDS
In-Reply-To: <20040507072116.73229.qmail () web12822 mail yahoo com> The right-out-of-the-box configs for an inline device areexpected to generate much fewer FPs since admins don't have all the time
in the
world to tune the rules unlike on a promiscuous mode device.I am not sure how Inline IDS will generate fewer FP's ?. -Bhargav --------------------------------------------------------------------------
-
--------------------------------------------------------------------------
-
--------------------------------------------------------------------------- ---------------------------------------------------------------------------
Current thread:
- Re: amount of alarms generated by IDS, (continued)
- Re: amount of alarms generated by IDS Ravishankar Ithal (May 10)
- RE: amount of alarms generated by IDS Rob Shein (May 11)
- RE: amount of alarms generated by IDS Ravishankar Ithal (May 12)
- RE: amount of alarms generated by IDS Rob Shein (May 11)
- Re: amount of alarms generated by IDS Jason (May 11)
- Re: amount of alarms generated by IDS Dennis Cox (May 11)
- Re: amount of alarms generated by IDS Jason (May 13)
- Re: amount of alarms generated by IDS Ravishankar Ithal (May 10)
- RE: amount of alarms generated by IDS Frank Knobbe (May 11)
- Hi, I want to study IPS cto (May 11)
- RE: Hi, I want to study IPS Shawn (May 13)
- Re: amount of alarms generated by IDS nick black (May 14)
- Re: amount of alarms generated by IDS Stefano Zanero (May 22)
- Re: amount of alarms generated by IDS nick black (May 25)