Chapter 10. Tuning and Reducing False Positives

Tuning and reducing false positives is a task that you will have to undertake in almost every situation in which Snort is used to monitor for intrusions. Tuning Snort has become increasingly important in recent years as the number of possible attacks increases, along with the amount of bandwidth Snort is expected to monitor. As time progresses, more network-based attacks and IDS evasion techniques will be discovered, requiring additional rules and preprocessors to detect them. These additional features will place an even greater resource strain on Snort. The use of computer networks to perform business tasks is increasing as well. Even with the collapse of the late 90s “New Economy,” ...
