Re: False positives, negatives and don't cares
From: Martin Roesch <roesch(at)sourcefire.com>
Date: Tue Aug 12 2003 - 17:35:55 EDT

Weeding down the analytics set to the minimum can be a side effect of network discovery processes, you just move the context information down into the sensor itself. The nCircle model is great for detecting things that you know about but tails off when you get outside those things. There's not anything wrong with that, it's just that some of the same ideas can be applied more broadly to solve a greater number of problems in my opinion.

-Marty

On 8/11/03 11:16 AM, "Bennett Todd" <bet@rahul.net> wrote:

> A very thought-provoking note (no surprise there).

--
Martin Roesch - Founder/CTO
Sourcefire Inc. - (410) 290-1616
Sourcefire: Enterprise-class Intrusion detection built on Snort
roesch(at)sourcefire.com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org

Received on Tue Aug 12 17:50:23 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:17 EDT