A Snort sensor is generating many false-positive sfPortscan alerts, in which busy, trusted hosts are flagged as the source of port sweep events. Which tuning strategy can mitigate this problem?
A) Add the host to the Ignore Scanner list.
B) Add the host to the Ignore Scanned list.
C) Add the host to the Watch IP list.
D) Apply a rule threshold.
Correct Answer:
Verified
Q121: Which file is the primary configuration file
Q122: Which action is valid for decoder/preprocessor stub
Q123: Which configuration is optimal for the frag3
Q124: Which preprocessor maintains connection state so that
Q125: Which management and analysis tool can you
Q127: Given the rule option byte_test:1, ,64,2;, what
Q128: What is a GID?
A) general intrusion domain
B)
Q129: Which preprocessor uses a global directive and
Q130: Which statement about the distribution of SO
Q131: Which character must a rule body end