After getting the alerts generated by an IDS, how do we distinguish true positives, false positives and false negatives?



Hi All,

After getting the alerts generated by an IDS, how do we distinguish true positives, false positives and false negatives?

And what do we do with true positive alerts? How do we export alerts from the database (steps)?

Thanks in Advance
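The example below is added here to illustrate one common way of answering the first two questions; it is not part of the original post and not from any particular IDS vendor. It applies a target-based check: each alert is compared with an asset inventory, and an attack signature that fired against a host which does not run the targeted service (or has nothing listening on that port) is marked a false positive for this environment, while a match against a real target becomes a true positive candidate for investigation. The alert records, the asset inventory and the allow-list are constructed sample data, and the "target" field is an analyst annotation assumed to have been added when each rule was reviewed, not something the IDS emits. The export step writes the triaged rows to CSV from memory; pulling the rows out of the console's own database depends on which IDS and schema you run, which the post does not say. False negatives cannot be recovered from the alert stream at all; they only show up when you compare it with other evidence such as host logs or known test attacks.

```python
"""Added example: triaging IDS alerts against an asset inventory and
exporting the results to CSV. Not part of the original post; the alert
records, asset inventory and allow-list below are constructed sample data."""
import csv
import io

# Constructed IDS alerts in a Snort-like shape (sid, msg, src, dst, dport).
# "target" is the platform the signature is written for, recorded by the
# analyst when the rule was reviewed; it is not a field the IDS itself emits.
ALERTS = [
    {"sid": 1001, "msg": "WEB-IIS cmd.exe access", "src": "203.0.113.9",
     "dst": "10.0.0.7", "dport": 80, "target": "iis"},
    {"sid": 1001, "msg": "WEB-IIS cmd.exe access", "src": "203.0.113.9",
     "dst": "10.0.0.5", "dport": 80, "target": "iis"},
    {"sid": 2002, "msg": "DNS zone transfer AXFR", "src": "10.0.0.2",
     "dst": "10.0.0.6", "dport": 53, "target": "dns"},
    {"sid": 2002, "msg": "DNS zone transfer AXFR", "src": "198.51.100.4",
     "dst": "10.0.0.6", "dport": 53, "target": "dns"},
    {"sid": 3003, "msg": "SNMP public community string", "src": "10.0.0.3",
     "dst": "10.0.0.9", "dport": 161, "target": "snmp"},
]

# Constructed asset inventory: which service listens on which port per host.
ASSETS = {
    "10.0.0.5": {80: "apache"},
    "10.0.0.6": {53: "dns"},
    "10.0.0.7": {80: "iis"},
}

# Constructed allow-list of traffic that is expected on this network
# (here: the secondary DNS server pulling zone transfers from the primary).
ALLOWLIST = {("10.0.0.2", "10.0.0.6", 53)}


def classify(alert, assets=ASSETS, allowlist=ALLOWLIST):
    """Return a triage verdict for one alert.

    Target-based logic: an attack aimed at a service the destination does
    not run cannot succeed, so the alert is a false positive for this
    environment. False negatives never appear here; they can only be found
    by comparing the alert stream with other evidence (host logs, known
    test attacks), which this function does not attempt.
    """
    key = (alert["src"], alert["dst"], alert["dport"])
    if key in allowlist:
        return "false_positive_allowlisted"
    services = assets.get(alert["dst"])
    if services is None:
        return "review_unknown_host"            # not in inventory: analyst decides
    service = services.get(alert["dport"])
    if service is None:
        return "false_positive_port_closed"     # nothing listening on that port
    if service != alert["target"]:
        return "false_positive_wrong_platform"  # e.g. IIS exploit against Apache
    return "true_positive_candidate"            # real target hit: investigate


def triage(alerts=ALERTS):
    """Attach a verdict to every alert and return the new list of rows."""
    return [dict(a, verdict=classify(a)) for a in alerts]


def export_csv(rows):
    """Render triaged alerts as CSV text (the export step the post asks about)."""
    fields = ["sid", "msg", "src", "dst", "dport", "target", "verdict"]
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fields)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    print(export_csv(triage()))
```

Running the script prints a CSV with one verdict per alert: the IIS signature against the IIS host and the external zone transfer attempt come out as true positive candidates, the IIS signature against the Apache host and the secondary's zone transfer are demoted, and the SNMP alert against a host missing from the inventory is flagged for review, which is usually the sign that the inventory, not the IDS, needs fixing.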
