Snort mailing list archives
Re: Reliability of signatures
From: Crusty Saint <saintcrusty () gmail com>
Date: Fri, 4 Feb 2011 17:59:09 +0100
ehrm ... i'm not quite sure where this leads .... obviously .... so here i go anyway

Being able to separate between protections that have and don't have known false-rates directly from log entries (daq) is in itself practical, imho it permits to work with a 'sketch or picture' for that specific environment which is easier to adapt to.

Correct me if i'm wrong .... known FP/FN sid's vs known sid's with neither FP/FN could already be categorized as a first level of confidence. Actually it does 'feel' that multiple levels-of-confidence could be better than a single confidence level.

For now i only see Three ( draftish )

1) FP/FN confidence level (Y/N)
2) Personal Confidence level ( Categories )
3) Community Confidence level ( Percentage )

Checkpoint's confidence levels are a nice way of doing things but then again, who wants a sid that is 50% correct ? Better than nothing, agreed, but when would one have to care for that percentage of doubt ? Which is a big plus for snort as their sid's are open, one could actually verify what is checked for.

2011/2/4 Michael Scheidell <michael.scheidell () secnap com>
On 2/4/11 11:12 AM, Crusty Saint wrote:

For now a flag for false-pos and one for false-neg would be nice to have.

a SORTA OF A BAYESIAN sorta thing? fp's go to 'ham', not fp's go to 'spam'? :-) you poll the value (CF) confidence factor .

--
Michael Scheidell, CTO
o: 561-999-5000 d: 561-948-2259
SECNAP Network Security Corporation

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Security Engineer
Tags: Analyst Systems Security Linux Firewall Network Web Troubleshooting
If you think I deserve a rant, write me off-list
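The three draft levels from the message above, kept as separate fields and attached to parsed Snort fast-format alerts. This is an added example, not code from the thread or from Snort; the SID numbers, ratings, log lines and the sort order (unrated SIDs last) are constructed assumptions.

```python
import re
from collections import namedtuple

# Snort "fast" alert line: timestamp [**] [gid:sid:rev] msg [**] ...
ALERT_RE = re.compile(r"\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\]")

# One field per draft level, kept separate instead of merged into one score.
Confidence = namedtuple("Confidence", "known_fp_fn personal community_pct")
# Constructed annotations (hypothetical SIDs and ratings, not real statistics).
SID_CONFIDENCE = {
    1000001: Confidence(False, "high", 95),   # no known FP/FN in this environment
    1000002: Confidence(True, "medium", 50),  # known FP/FN, half the community trusts it
    1000003: Confidence(True, "low", 20),
}
UNRATED = Confidence(None, "unrated", None)   # SID nobody has assessed yet
FP_FN_RANK = {False: 0, True: 1, None: 2}
PERSONAL_RANK = {"high": 0, "medium": 1, "low": 2, "unrated": 3}

# Constructed sample log; the second line is deliberately not an alert.
SAMPLE_LOG = """\
02/04-17:59:09.100000  [**] [1:1000002:3] LOCAL example rule B [**] [Priority: 2] {TCP} 192.0.2.10:4431 -> 198.51.100.5:80
snort: log rotation marker
02/04-17:59:10.200000  [**] [1:1000004:1] LOCAL example rule D [**] [Priority: 3] {UDP} 192.0.2.11:53 -> 198.51.100.5:53
02/04-17:59:11.300000  [**] [1:1000003:2] LOCAL example rule C [**] [Priority: 2] {TCP} 192.0.2.12:5000 -> 198.51.100.5:22
02/04-17:59:12.400000  [**] [1:1000001:7] LOCAL example rule A [**] [Priority: 1] {TCP} 192.0.2.13:6000 -> 198.51.100.5:443
"""

def parse_alert(line):  # alert line -> dict, anything else -> None
    m = ALERT_RE.search(line)
    if m is None:
        return None
    gid, sid, rev, msg = m.groups()
    return {"gid": int(gid), "sid": int(sid), "rev": int(rev), "msg": msg}

def annotate(log_text):  # attach the three confidence levels to each alert
    alerts = [a for a in map(parse_alert, log_text.splitlines()) if a]
    for alert in alerts:
        alert["confidence"] = SID_CONFIDENCE.get(alert["sid"], UNRATED)
    return alerts

def triage_order(alerts):  # sort by level 1, then level 2, then level 3
    def key(alert):
        c = alert["confidence"]
        return (FP_FN_RANK[c.known_fp_fn], PERSONAL_RANK[c.personal], -(c.community_pct or 0))
    return sorted(alerts, key=key)

if __name__ == "__main__":
    for a in triage_order(annotate(SAMPLE_LOG)):
        print(a["sid"], a["msg"], a["confidence"])
```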