topic Re: Pre IDS Implementation Check List for Sig Tuning in Network Security

Pre IDS Implementation Check List for Sig Tuning

jimmi1015 — Sun, 10 Mar 2019 09:45:10 GMT

Hi Experts,

IDS signature tuning can get quite involved.

To make sure nothing important is overlooked, is there a Check List that can be used?

If not, what are some of the critical items that should be known beforehand?

A couple items are obvious e.g. type of OS's used and what servers must never be blocked. But, I'm sure there's a whole list of things that should be considered.

Any feedback would be greatly appreciated.

Re: Pre IDS Implementation Check List for Sig Tuning

vkapoor5 — Fri, 18 Nov 2005 15:37:51 GMT

Knowing the behavior of your network and the applications that you are running is very important before signatures can be tuned. To avoid false positive alarms, you may have to observe your network for a while and tune the signatures until you get the desired result. From my experience, signature tuning is a contnious process and has to be monitored on a regular basis.