
NIDS alarms


Space invader

How do you manage your NIDS alerts? Do you have any directives to raise an alarm? Do you review all NIDS events day after day?
Due to the number of NIDS events, it's not possible to create associated directives.




  • Hi!

    I only raise alarms from directives, so I have as few false positives as possible. I create a directive for each NIDS (and HIDS) that is interesting, and scroll over NIDS (and HIDS) grouped SIEM events every 2 to 3 days to see if there is anything new.

  • Hi tic.pavlin,

    How do you select your interesting rules for your directives regarding the hundreds of rules?

  • @tic.pavlin how do you choose your NIDS events that will raise an alarm? Some NIDS lack accuracy.
