False positives must be mitigated as much as possible while still not creating new false negatives.
A few steps that will greatly reduce the number of false positives follow:
Disable rules that are not relative to your environment. For example if you do not run Apache servers there is no reason to watch for attacks against Apache.
When using anomaly detection IDS be sure to re-train for new applications as needed.
Where possible, edit rules that are too broad.
When rules can not be edited, create tight bypass rules that allow the legitimate traffic to pass without triggering an alert.
For rules that are situational, be sure they are only enabled where they are relevant. For example, NBT traffic inside a Windows LAN environment is normal yet, the same traffic coming from the Internet may not be normal.
I've been managing multi-million dollar projects for years but always felt muddled as to the formal activities required. Halfway through the SANS PM course, things are becoming clear at last. -Matt Harvey, US DOJ