I'm very new to Snort and doing some analysis of sensor performance in a lab environment.
I'm trying to create a confusion matrix for my data, but am having a difficult time placing a real value on false/true negatives. Positives are easy because they correspond to a Snort alert, but is there a way of looking at what Snort could have alerted on, but didn't?