
NIDS alarms

ol.batard

Hello,

How do you manage your NIDS alerts? Do you have any directives to raise an alarm? Do you review all NIDS events day after day?
Due to the number of NIDS events it's not possible to create an associated directive for each one.

Thanks

Answers

  • Hi!

    I only raise alarms from directives, so I have as few false positives as possible. I create a directive for each NIDS (and HIDS) that is interesting, and scroll over NIDS (and HIDS) grouped SIEM events every 2 to 3 days to see if there is anything new.
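The workflow described in the answer above (alarms come only from directives; everything else is reviewed in grouped form every few days) as an added example, written for this page and not code from the thread or from any AlienVault/OSSIM component. The event records, signature names, IP addresses, and the two directive definitions with their thresholds and windows are constructed for illustration; a real directive would be written in the SIEM's own rule format.

```python
"""
Tiny directive evaluator: an alarm is raised only when NIDS events match a
correlation directive (signature pattern + count threshold within a time
window, grouped by a key such as source IP). Events that match no directive
are summarised per signature for the periodic review.
All events, signatures and directives below are constructed sample data.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

BASE = datetime(2024, 1, 1, 10, 0, 0)  # constructed reference time


def ev(offset_s, sig, src, dst):
    """Build one constructed NIDS event record."""
    return {"ts": BASE + timedelta(seconds=offset_s), "sig": sig, "src_ip": src, "dst_ip": dst}


SCAN_SIG = "SCAN probe to multiple hosts (constructed)"
POLICY_SIG = "POLICY client broadcast (constructed)"
MALWARE_SIG = "MALWARE known bad user-agent (constructed)"

# Constructed sample event stream: a burst of scan hits from one source,
# two isolated scan hits from another, some policy noise, one malware hit.
SAMPLE_EVENTS = [
    ev(0, SCAN_SIG, "10.0.0.5", "192.0.2.10"),
    ev(10, SCAN_SIG, "10.0.0.5", "192.0.2.11"),
    ev(20, SCAN_SIG, "10.0.0.5", "192.0.2.12"),
    ev(30, SCAN_SIG, "10.0.0.5", "192.0.2.13"),
    ev(40, SCAN_SIG, "10.0.0.5", "192.0.2.14"),
    ev(50, SCAN_SIG, "10.0.0.5", "192.0.2.15"),
    ev(100, SCAN_SIG, "10.0.0.9", "192.0.2.10"),
    ev(700, SCAN_SIG, "10.0.0.9", "192.0.2.12"),
    ev(200, POLICY_SIG, "10.0.0.7", "255.255.255.255"),
    ev(260, POLICY_SIG, "10.0.0.7", "255.255.255.255"),
    ev(320, POLICY_SIG, "10.0.0.7", "255.255.255.255"),
    ev(400, MALWARE_SIG, "10.0.0.8", "198.51.100.3"),
]

# Constructed directives: "match" is a substring of the signature name,
# "threshold" hits within "window_s" seconds from the same "group_by" value.
DIRECTIVES = [
    {"name": "Scan burst from single source", "match": "SCAN",
     "threshold": 5, "window_s": 120, "group_by": "src_ip"},
    {"name": "Malware signature seen", "match": "MALWARE",
     "threshold": 1, "window_s": 60, "group_by": "src_ip"},
]


def evaluate_directive(directive, events):
    """Return one alarm per group key whose matching events reach the
    threshold inside the sliding time window."""
    matching = sorted((e for e in events if directive["match"] in e["sig"]),
                      key=lambda e: e["ts"])
    by_key = defaultdict(list)
    for e in matching:
        by_key[e[directive["group_by"]]].append(e)
    window = timedelta(seconds=directive["window_s"])
    alarms = []
    for key, evs in by_key.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits the window size.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            if end - start + 1 >= directive["threshold"]:
                alarms.append({"directive": directive["name"], "key": key,
                               "count": end - start + 1,
                               "first": evs[start]["ts"], "last": evs[end]["ts"]})
                break  # one alarm per key is enough; avoid alarm storms
    return alarms


def evaluate_all(directives, events):
    """Alarms from every directive, in directive order."""
    return [a for d in directives for a in evaluate_directive(d, events)]


def group_for_review(events, directives):
    """Per-signature counts of events no directive covers, for the
    every-few-days review pass."""
    covered = [d["match"] for d in directives]
    return Counter(e["sig"] for e in events
                   if not any(m in e["sig"] for m in covered))


if __name__ == "__main__":
    for alarm in evaluate_all(DIRECTIVES, SAMPLE_EVENTS):
        print("ALARM", alarm["directive"], alarm["key"], alarm["count"])
    for sig, n in group_for_review(SAMPLE_EVENTS, DIRECTIVES).most_common():
        print("REVIEW", n, sig)
```

The split matters for detection engineering: the directive layer keeps the alarm queue small enough to act on, while the review counter makes sure signatures that never earned a directive still get looked at, so a new noisy or newly interesting rule is noticed within a few days rather than never.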

  • Hi tic.pavlin,

    How do you select your interesting rules for your directives, given the hundreds of rules?

  • @tic.pavlin, how do you choose the NIDS events that will raise an alarm? Some NIDS lack accuracy.

  • No one?