Let's also not forget the breadth and depth of the signatures within the IDS,
which vary greatly between vendors: are they purely grepping, or is there
also an element of protocol decode in there?
Tuning is the key, as is compatibility of the chosen product with both the
network and the staff operating it.
To answer the original question, you cannot gauge these rates ahead of time
without a mass of research. The best option is to place an IDS on your network
and see for yourself, but make sure you try before you buy.
-andy cuff
Talisker Security Tools Directory
http://www.securitywizardry.com
----- Original Message -----
From: "Bhargav Bhikkaji" <bbhikkaji_at_yahoo.co.in>
To: <focus-ids_at_securityfocus.com>
Sent: Saturday, May 08, 2004 4:04 PM
Subject: Re: amount of alarms generated by IDS
> In-Reply-To: <20040507072116.73229.qmail_at_web12822.mail.yahoo.com>
>
> The right-out-of-the-box configs for an inline device are
> >expected to generate much fewer FPs since admins don't have all the time in the
> >world to tune the rules unlike on a promiscuous mode device.
>
> I am not sure how Inline IDS will generate fewer FPs?
>
> -Bhargav
Received on May 11 2004