Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Anyone familiar with SNORT..... alert file
- Thread starter iam3
- Start date
No, SNORT (and all IDS's) will have MANY "false possitives".
The job of a security analyst is to go thru the logs proactively (and regularly <G>) looking for anomalies that point to security events.
It takes some time to fine tune an IDS to ignore the false positives but not miss an actuall security event, but by going thru the logs and looking at what is being reported, you will begin to learn the difference and be in a better position to manage your IDS
---
John Hoke<br>
The job of a security analyst is to go thru the logs proactively (and regularly <G>) looking for anomalies that point to security events.
It takes some time to fine tune an IDS to ignore the false positives but not miss an actuall security event, but by going thru the logs and looking at what is being reported, you will begin to learn the difference and be in a better position to manage your IDS
---
John Hoke<br>
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question
- Locked
- Question