Snort with an expert system
- From: Timmmy <bluesinblood@xxxxxxxxx>
- Date: Sat, 4 Apr 2009 05:22:01 -0700 (PDT)
Hi everybody
I'm coupling an IDS with an expert system. I want to prove that this could
decrease the number of false positives. I chose Snort as an IDS.
Because of the huge number of signatures, I just want (for now) to take a
little set of signatures and design the expert system rules according to
these signatures to work like an administrator would do (analyse logs,
monitor the alerts, know if it's a false positive or not, make decision).
So, what is in your opinion the right set of signatures to take (for
example, the signatures that generate a lot of false positives)?
Thx!
--
View this message in context: http://www.nabble.com/Snort-with-an-expert-system-tp22881974p22881974.html
Sent from the IDS (Intrusion Detection System) mailing list archive at Nabble.com.
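To make the idea in the post concrete, here is an added example (not code from the original poster) of the kind of "administrator logic" an expert system layered on Snort could encode: parse Snort's alert_fast output, then run each alert through a small ordered rule base that uses site knowledge (an asset inventory, the home network, authorized scanner hosts) to decide whether an alert is a false positive, should be escalated, or needs human review. The alert lines, the asset inventory, the scanner address and the mapping from the "WEB-IIS" message prefix to a target product are all constructed for the example; only the alert_fast line layout is Snort's own.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# One line of Snort's alert_fast output (snort -A fast):
# <ts>  [**] [gid:sid:rev] <msg> [**] [Classification: ...] [Priority: N] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)


@dataclass
class Alert:
    sid: int
    msg: str
    priority: int
    proto: str
    src: str
    dst: str
    dport: Optional[int]


def parse_alert(line: str) -> Alert:
    """Parse one alert_fast line into an Alert; raises on anything else."""
    m = ALERT_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparsable alert line: {line!r}")
    return Alert(
        sid=int(m["sid"]), msg=m["msg"], priority=int(m["prio"]),
        proto=m["proto"], src=m["src"], dst=m["dst"],
        dport=int(m["dport"]) if m["dport"] else None,
    )


# Hypothetical site knowledge the rule base reasons with (constructed, not real hosts).
HOME_NET = ipaddress.ip_network("192.0.2.0/24")
ASSETS: Dict[str, Dict[str, str]] = {
    "192.0.2.10": {"web": "apache"},   # IIS signatures cannot apply here
    "192.0.2.20": {"web": "iis"},      # IIS signatures are relevant here
}
AUTHORIZED_SCANNERS = {"192.0.2.250"}  # our own vulnerability scanner
# Message prefix -> (service role, product the signature targets); illustrative mapping.
MSG_PREFIX_PRODUCT = {"WEB-IIS": ("web", "iis")}

Verdict = Tuple[str, str]               # (decision, reason)
Rule = Callable[[Alert], Optional[Verdict]]


def rule_authorized_scanner(a: Alert) -> Optional[Verdict]:
    """Traffic from our own scanner is expected noise, whatever it triggers."""
    if a.src in AUTHORIZED_SCANNERS:
        return ("false_positive", f"source {a.src} is an authorized scanner")
    return None


def rule_unknown_target(a: Alert) -> Optional[Verdict]:
    """An internal target we have no inventory for: we cannot decide, a human must."""
    if ipaddress.ip_address(a.dst) in HOME_NET and a.dst not in ASSETS:
        return ("review", f"target {a.dst} is not in the asset inventory")
    return None


def rule_product_mismatch(a: Alert) -> Optional[Verdict]:
    """Compare the product a signature targets with what the target host actually runs."""
    for prefix, (role, product) in MSG_PREFIX_PRODUCT.items():
        if a.msg.startswith(prefix):
            actual = ASSETS.get(a.dst, {}).get(role)
            if actual and actual != product:
                return ("false_positive", f"{a.dst} runs {actual}, signature targets {product}")
            if actual == product and a.priority == 1:
                return ("escalate", f"{a.dst} runs {product} and priority is 1")
    return None


# Ordered rule base: the first rule that fires decides (simple forward chaining).
RULES: List[Tuple[str, Rule]] = [
    ("authorized_scanner", rule_authorized_scanner),
    ("unknown_target", rule_unknown_target),
    ("product_mismatch", rule_product_mismatch),
]


def triage(alert: Alert) -> Tuple[str, str, str]:
    """Return (decision, rule name, reason) for one alert."""
    for name, rule in RULES:
        verdict = rule(alert)
        if verdict:
            return (verdict[0], name, verdict[1])
    return ("review", "default", "no rule fired")


# Constructed alert_fast lines for the demonstration (sids/messages are illustrative).
CONSTRUCTED_ALERTS = [
    "04/04-05:22:01.000001  [**] [1:1002:7] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.7:44321 -> 192.0.2.10:80",
    "04/04-05:22:02.000002  [**] [1:1002:7] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.7:44322 -> 192.0.2.20:80",
    "04/04-05:22:03.000003  [**] [1:1002:7] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.250:5555 -> 192.0.2.20:80",
    "04/04-05:22:04.000004  [**] [1:469:3] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 198.51.100.9 -> 192.0.2.30",
]


def triage_lines(lines: List[str]) -> List[str]:
    """Decision for each raw alert line, in order."""
    return [triage(parse_alert(line))[0] for line in lines]


if __name__ == "__main__":
    for line in CONSTRUCTED_ALERTS:
        a = parse_alert(line)
        decision, rule, why = triage(a)
        print(f"sid={a.sid} {a.src} -> {a.dst}: {decision:<15} [{rule}] {why}")
```

Run against the four constructed lines, the engine marks the IIS exploit against the Apache host and the scanner's traffic as false positives, escalates the IIS exploit against the IIS host, and sends the ping against the uninventoried host to review. The point for an experiment like the one proposed is that each rule records which fact made the decision, so a wrong verdict can be traced to a stale inventory entry or a bad rule rather than to the signature itself.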
- Follow-Ups:
- Re: Snort with an expert system
- From: Stephen Mullins
- Re: Snort with an expert system