|
For me the pain of false positives submissions is
the research that happens when I get a "no rule found" return.
I then need to find the queue-id of the original
message and then find the appropriate Sniffer log and pull out the log lines
from there and then submit it. Almost always in these cases, a rule is
removed.
If this process could be improved that would really
be a time saver.
|
- Re: [sniffer]FP suggestions Matt
- Re: [sniffer]FP suggestions Darin Cox
- Re: [sniffer]FP suggestions Scott Fisher
- Re: [sniffer]FP suggestions Darin Cox
- Re: [sniffer]FP suggestions Matt
- Re: [sniffer]FP suggestions Darin Cox
