Chapter 13. Managing False Positives and False Negatives

A Cisco Intrusion Prevention System (IPS) that raises many false alarms quickly becomes suspect, and its alerts are no longer trusted. This chapter discusses methodologies for tuning and tweaking the sensor to manage and reduce the number of false positives and false negatives. In this chapter, you learn the following:

Identifying False Positives and False Negatives: Understanding when the sensor is raising alarms it should not, or missing malicious traffic it should be alarming on, is a critical first step in tuning the sensor for the network.

Tuning to Reduce False Positives: Reducing or eliminating the erroneous alerts generated by the sensor.

Tuning to Reduce False Negatives: By adapting ...

From CCNP Security IPS 642-627 Official Cert Guide (O’Reilly).