Expected false positives

Discussion created by scarielli Employee on May 6, 2011
Latest reply on Sep 20, 2011 by RSA Admin

I wanted to raise a question that came up in a discussion I had with a customer this week.


For any given rule, what percentage of false positives are expected or acceptable?  What is the level of false positives that would lead you to start modifying the rule? 


I'm interested in hearing as many takes on this as possible.  Is this something you monitor carefully?