IPSs and IDSs generate logs when alarms are triggered during network traffic analysis. Having these parameters correctly configured minimizes the chance of failing to detect malicious traffic. Besides, we will avoid having huge log files full of non-relevant events.

There are four types of alarms, and all of them are crucial to the correct operation of the deployed sensors, the most important one being the False Negative. Now we'll see why:

  • False Positive. It happens when normal traffic triggers a signature. We will get an alert even though nothing is actually happening.
  • False Negative. Malicious traffic does not trigger a signature, usually due to bad fine-tuning of the sensor's parameters. An attack goes undetected.
  • True Positive. Malicious traffic triggers a signature. We have an attack being detected, and if the sensor is properly configured, corrective actions will be taken.
  • True Negative. Regular traffic triggers nothing. This should be our ideal network status. Our Zen.
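To see how tuning moves alarms between these four categories, here is an added example (not code from the original page or from any real sensor). It runs two constructed, hypothetical SQL-injection signatures, one over-broad and one over-narrow, over a handful of constructed, pre-labelled traffic records and tallies the resulting confusion matrix, plus the detection rate and false-alarm rate a practitioner would track while tuning. The flow records, the signature logic and the labels are all assumptions made for this illustration.

```python
"""Tally False/True Positives/Negatives for toy signature-based sensors.

Everything here is constructed for illustration: the traffic records,
their ground-truth labels and the two signatures. It is not a real ruleset.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst_port: int
    payload: bytes
    malicious: bool  # ground truth, known only because the sample is constructed


# Constructed sample traffic with ground-truth labels.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", 80, b"GET /index.html HTTP/1.1", False),
    # Benign request that merely contains an SQL keyword in a search string.
    Flow("10.0.0.6", 80, b"GET /search?q=select+from+menu HTTP/1.1", False),
    Flow("10.0.0.7", 443, b"\x16\x03\x01" + b"\x00" * 40, False),
    Flow("203.0.113.9", 80, b"GET /?id=1' UNION SELECT password FROM users-- HTTP/1.1", True),
    Flow("203.0.113.9", 22, b"SSH-2.0-OpenSSH_8.9", False),
    # Malicious request written in lowercase without the UNION SELECT pair.
    Flow("198.51.100.4", 80, b"GET /?q=1 or 1=1 HTTP/1.1", True),
]


def loose_signature(flow: Flow) -> bool:
    """Over-broad hypothetical rule: any SQL keyword anywhere in the payload."""
    p = flow.payload.lower()
    return b"select" in p or b"union" in p or b" or " in p


def strict_signature(flow: Flow) -> bool:
    """Over-narrow hypothetical rule: requires the literal, case-sensitive pair."""
    return b"UNION SELECT" in flow.payload


def classify(alerted: bool, malicious: bool) -> str:
    """Map one (sensor verdict, ground truth) pair to its alarm category."""
    if alerted and malicious:
        return "true_positive"
    if alerted and not malicious:
        return "false_positive"
    if not alerted and malicious:
        return "false_negative"
    return "true_negative"


def confusion_matrix(signature, flows) -> dict:
    """Count how many flows fall into each of the four alarm categories."""
    counts = Counter(classify(signature(f), f.malicious) for f in flows)
    keys = ("true_positive", "false_positive", "false_negative", "true_negative")
    return {k: counts.get(k, 0) for k in keys}


def tuning_metrics(matrix: dict) -> dict:
    """Detection rate (TP / attacks) and false-alarm rate (FP / benign flows)."""
    tp, fp = matrix["true_positive"], matrix["false_positive"]
    fn, tn = matrix["false_negative"], matrix["true_negative"]
    return {
        "detection_rate": tp / (tp + fn) if tp + fn else 0.0,
        "false_alarm_rate": fp / (fp + tn) if fp + tn else 0.0,
    }


if __name__ == "__main__":
    for name, sig in (("loose", loose_signature), ("strict", strict_signature)):
        m = confusion_matrix(sig, SAMPLE_FLOWS)
        print(name, m, tuning_metrics(m))
```

Run it and the two rules land on opposite sides of the trade-off: the loose rule catches both attacks but raises a False Positive on the benign search, while the strict rule is silent on benign traffic but misses the lowercase attack, producing the False Negative the text singles out as the most dangerous outcome. Real tuning is the same exercise at scale: measure both rates on labelled traffic and adjust until False Negatives are driven down without drowning the log in False Positives.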