Hi everybody
I'm coupling an IDS with an expert system. I want to prove that this could
decrease the number of false positives. I chose Snort as an IDS.
Because of the huge number of signatures, I just want (for now) to take a
little set of signatures and design the expert system rules according to
theses signatures to work like an administrator would do (analyse logs,
monitor the alerts, know if it's a false positive or not, make decision).
So, what is in your opinion the right set of signatures to take (for
example, the signatures that generate a lot of false positives) ?
Thx!
--
View this message in context:
http://www.nabble.com/Snort-with-an-expert-system-tp22881974p22881974.html
Sent from the IDS (Intrusion Detection System) mailing list archive at
Nabble.com.
