 
From: Alberto Gonzalez (ag-snort_at_cerebro.violating.us)
Date: Tue Oct 22 2002 - 02:08:59 CDT


    IMHO, you shouldn't just dismiss alerts as false positives, you
    determine if it's a false positive by investigating.
    If you have investigated before, and still are getting alerts, then you
    can pretty much dismiss those (be warned).
    As to your e-mail, I really don't get what you're trying to say. Snort
    reports on the rules you tell it to check packets
    against, that simple. The ones you define in your snort config (i.e.
    snort.conf).

    Hope it Helps

        - Albert

    Gary Verhulp wrote:

    > How does one report false positives for rules?
    >
    > What info do you need to include?
    >
    > Thanks
    >
    > Gary
    >

    -- 
    The secret to success is to start from scratch and keep on scratching.
    
