Operators can expect to find something interesting on just about any network segment they care to monitor. Unfortunately, deploying a new instance of Snort with a full complement of active rules will produce more alerts than the average operator is willing to tolerate. Please note that these alerts are not false positives. A real false positive happens when an operator instructs Snort to identify a certain type of traffic and Snort reports seeing it -- when it didn't happen. If an operator tells Snort to alert every time it sees the string "http", the resulting alerts are not false positives. They are the results of the operator's choices.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.