You have acquired your IPS/IDS systems, implemented them, and set up alerts, logging, etc. In practice, though, once the network perimeter has been secured, your SNMP management system will more often than not start reporting alarms that are not necessarily of concern; you will also find that some alarms are being missed.

This blog is about classifying these alerts by their level of reliability: how much, as a network engineer, can you actually trust or rely on them?

As you probably know, in medical diagnoses, positive is bad (positively diagnosed) and negative is good (negatively diagnosed). Network Monitoring Systems (NMS) use a very similar concept. However, it is also up to the network engineer to decide whether to trust the alarms being generated, as well as to tune the NMS for more accurate reporting.

Based on the concept above, I have grouped the alarms we will find in our networks into four types:


