Snort mailing list archives
How can I recognize Snort rules with high false positive rate?
From: Ali Zand <ali.zand () gmail com>
Date: Thu, 17 Jun 2004 19:56:37 +0430
Hi.

In my network, a low false positive rate is much more important than a low false negative rate. I need some way to classify Snort rules into "with low false positive rate" and "with high false positive rate" categories. How can I recognize these rules? Do Snort rules' "classtype" and "priority" indicate their "false positive (or negative) rate"? If yes, how? If no, how can I get some information about this?

Thanks in advance.

--
Ali Zand
Current thread:
- How can I recognize Snort rules with high false positive rate? Ali Zand (Jun 17)
- Re: How can I recognize Snort rules with high false positive rate? Keith W. McCammon (Jun 17)
- Re: How can I recognize Snort rules with high false positive rate? Jason Haar (Jun 17)
- Re: How can I recognize Snort rules with high false positive rate? Keith W. McCammon (Jun 17)
- Re: Re: How can I recognize Snort rules with high false positive rate? Ali Zand (Jun 18)
- Re: How can I recognize Snort rules with high false positive rate? Jason Haar (Jun 17)
- Re: How can I recognize Snort rules with high false positive rate? Keith W. McCammon (Jun 17)