[logs] too many false alarms Jan 24 2008 11:04PM
Jon Stearley (jrstear sandia gov)
what false alarm rate do you tolerate for your current monitoring
system? is 1 false alarm in 4 ok? 1 in 10? 1 in 100?

a related question is: what false alarm rate must anomaly detection
systems achieve to be useful?

i know this is person/site/situation/etc specific, and welcome any
ballpark figures or experiences. thanks.

-jon stearley

LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus