[Oisf-users] How decrease the number of false positive
Rildo Souza
rildo.souza at rnp.br
Wed Sep 20 16:55:15 UTC 2017
Hello People,
Currently I have been receiving a lot of false positive notifications related to "Subject": Classification: A Network Trojan was detected.
The IDs in most cases are:
[1:2404516:4621]
[1:2404030:4621]
[1:2404559:4621]
[1:2404026:4621]
[1:2404441:4621]
I checked it and there are many false positives.
Could someone help me to improve my detections in Suricata?
Best Regards,
Rildo Antonio de Souza
Security Analyst
Centro de Atendimento a Incidentes de Segurança - CAIS
Rede Nacional de Ensino e Pesquisa - RNP
(19) 3787-3368 - http://www.rnp.br/cais