IDS mailing list archives
Re: Tuning false positives
From: Joel M Snyder <Joel.Snyder () Opus1 COM>
Date: Thu, 29 Dec 2005 09:03:00 -0700
Gary Halleen (ghalleen) <ghalleen () cisco com> wrote: > Before I catch too many flames, let me clarify that I recommend a good > SIM product, of which MARS is one.Hmmm, speaking of flames... not sure that I would necessarily agree that MARS is even a SIM product at all, depending on your definition of SIM, but in any case rather than flame in public, I'll pitch out:
http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss506_art1043,00.html which is a test I did of five SIMs late last year. jms -- Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719 Phone: +1 520 324 0494 (voice) +1 520 324 0495 (FAX) jms () Opus1 COM http://www.opus1.com/jms Opus One ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
------------------------------------------------------------------------
Current thread:
- Re: Tuning false positives Joel M Snyder (Jan 02)
- <Possible follow-ups>
- RE: Tuning false positives Ofer Shezaf (Jan 05)
- RE: Tuning false positives mhellman (Jan 05)
- Re: Tuning false positives Raffael Marty (Jan 11)
- Re: Tuning false positives mhellman (Jan 09)
- Re: Tuning false positives (SIM and VM) Ron Gula (Jan 12)
- Re: Tuning false positives (SIM and VM) David W. Goodrum (Jan 13)
- Re: Tuning false positives Raffael Marty (Jan 11)
- Re: Tuning false positives Devdas Bhagat (Jan 05)
- RE: Tuning false positives Gary Halleen (ghalleen) (Jan 05)