[Bro] False positive

Angelita de Cássia Corrêa angelita at uol.com.br
Tue Jul 19 12:21:09 PDT 2005


Martin,

I pretend to see what alerts bro detects. This information is not enough
to analyse if each alert is an attempt or a false positive. I need alert
information.

Do you understand now?

tks
Angelita

----- Original Message ----- 
From: "Martin Casado" <casado at cs.stanford.edu>
To: "Angelita de Cássia Corrêa" <angelita at uol.com.br>
Sent: Tuesday, July 19, 2005 3:23 PM
Subject: Re: [Bro] False positive


>
>   I'm having a hard time understanding your email.  Could you please be clear
> about what you are trying to do?  Also, what policy scripts are you using?
> Are you sure bro is the appropriate tool rather than a more straightforward
> signature detection engine such as snort?
>
>  .m
>
> >Sirs,
> >
> >What is the best form to analyse the BRO received packets?
> >I need to calculate how many false positives bro detected in a determined
> >period.
> >
> >I didn't have success in reports, I continue receiving empty reports, then I
> >need to analyse the logs or using other way to detect what event is a false
> >positive and why is not.
> >
> >Please, can you help me?
> >
> >Thanks
> >Angelita
>




