Back to list
[logs] too many false alarms
Jan 24 2008 11:04PM
Jon Stearley (jrstear sandia gov)
what false alarm rate do you tolerate for your current monitoring
system? is 1 false alarm in 4 ok? 1 in 10? 1 in 100?
a related question is: what false alarm rate must anomaly detection
systems achieve to be useful?
i know this is person/site/situation/etc specific, and welcome any
ballpark figures or experiences. thanks.
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]
[ reply ]
Copyright 2010, SecurityFocus