http://blog.snort.org/2016/11/reporting-false-positives-with-snortorg.html
-- via my feedly newsfeed
Some users may not be aware, but you've been able to report false positives on Snort.org for years. I say that users may not be aware, because quite unintentionally, the feature wasn't very easy to find.
With today's rollout of version 5.1.1 of Snort.org, hopefully, we've fixed that.
When visiting Snort.org, upon logging in:
then clicking on your email in the same section after logging in, you will be taken to your User Preferences and information screen.
On the left side of the screen, you will see the different sections in your user account:
Including a new link at the bottom of the list for "False Positive".
The screen looks like this:
With today's rollout of version 5.1.1 of Snort.org, hopefully, we've fixed that.
When visiting Snort.org, upon logging in:
then clicking on your email in the same section after logging in, you will be taken to your User Preferences and information screen.
On the left side of the screen, you will see the different sections in your user account:
Including a new link at the bottom of the list for "False Positive".
The screen looks like this:
When you fill out this form and click submit, the pcap and description will enter directly into our analyst's queue for work, allowing us to process false positives quickly.
In a future version of the Snort site, we are going to tie this feature directly into, what we call, the "Analyst Console", here at Talos. Allowing you to see the status of your false positive, as it is flowing through our system, automatically. Allowing you to see when the rule will be fixed, and when it was released.
In the meantime, please use this system for your FP reports, help us improve the feature!
No comments:
Post a Comment