Determining/Filtering out false positives is always a major challenge when working with/monitoring IDS's... I'd like to ask everyone else in the forum if they have any good sources that assist with determining them. I once tried to start a thread within a support forum of a specific vendors IDS site that was geared towards identifying common false positives. Unfortunately there weren't many contributors to the forum in general and the thread never took off. I thought it was a good idea though. People could post specific alerts they commonly saw that they deemed false positives and why. Hell.. maybe it could work here?