Alert status

There are four types of alert status that you might come across. Each status describes how a detector's verdict compares with what was really happening: either everything is operating normally, or a program or operation is behaving suspiciously. The four status types are: false positive, false negative, true negative (false false), and true positive (positive positive):

  • False positive: This is often called a "false alarm"; it is any normal behavior that is flagged as malicious or unwanted when it isn't. An example of this would be your e-mail service sending a legitimate e-mail to the spam folder instead of your inbox. The detection software got a false positive on your e-mail and, not knowing any better, treated it as unwanted spam.
  • False negative: This is the opposite of a false positive, where a malicious or unwanted action slips past undetected. False negatives are much more dangerous than false positives. An example would be an IDS or IPS not recognizing the type of attack or program a hacker is using and letting the traffic through without alerting on it.
  • True negative/false false: This is any normal behavior that is correctly not flagged as malicious or unwanted. Basically, the IDS or IPS doesn't see the program or traffic as suspicious and allows it to operate normally. An example would be a program you are using being able to access what it needs without raising a warning or a false positive.
  • True positive/positive positive: This is any malicious or unwanted behavior that is flagged or blocked, thus preventing that program from causing any damage to your system. An example would be a hacker trying some sort of attack (MITM, DDoS, and so on) but your security identifies the attack and alerts you, or blocks the attack altogether.
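To make the four statuses concrete, here is an added example (my own code, not from the book) that sorts a set of constructed sample events into the four statuses by comparing the detector's verdict with the ground truth, then derives from the counts the three numbers a SOC uses to judge a detector: precision, recall and false-positive rate. The event list, its names, and the functions `status`, `confusion_matrix` and `metrics` are all assumptions made for this illustration.

```python
"""Classify detector verdicts against ground truth into the four alert
statuses and derive detector quality metrics from the counts.

Added example; the sample events below are constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One observed event (an e-mail, a connection, a process, ...).

    malicious: ground truth, established after the fact (e.g. analyst review).
    alerted:   whether the detector flagged or blocked it.
    """
    name: str
    malicious: bool
    alerted: bool


STATUSES = ("true positive", "false positive", "false negative", "true negative")


def status(malicious: bool, alerted: bool) -> str:
    """Map one (ground truth, detector verdict) pair to its alert status."""
    if alerted and malicious:
        return "true positive"      # bad thing, caught
    if alerted and not malicious:
        return "false positive"     # false alarm (legitimate mail in the spam folder)
    if not alerted and malicious:
        return "false negative"     # bad thing slipped past: the dangerous case
    return "true negative"          # normal thing, correctly left alone


def confusion_matrix(events):
    """Count how many events fall into each of the four statuses."""
    counts = Counter(status(e.malicious, e.alerted) for e in events)
    return {k: counts.get(k, 0) for k in STATUSES}


def metrics(cm):
    """Derive the usual detector quality numbers from the four counts."""
    tp, fp, fn, tn = (cm[k] for k in STATUSES)
    # precision: of the alerts raised, how many were real
    precision = tp / (tp + fp) if tp + fp else 0.0
    # recall (detection rate): of the real attacks, how many were caught;
    # every false negative lowers this, which is why FNs are the dangerous case
    recall = tp / (tp + fn) if tp + fn else 0.0
    # false positive rate: of the normal events, how many caused a false alarm
    fpr = fp / (fp + tn) if fp + tn else 0.0
    return {"precision": precision, "recall": recall, "false_positive_rate": fpr}


# Constructed sample: 8 events with hand-assigned ground truth and verdicts.
SAMPLE_EVENTS = [
    Event("newsletter from vendor", malicious=False, alerted=True),   # FP: legit mail sent to spam
    Event("payroll reminder", malicious=False, alerted=False),        # TN
    Event("ssh from jump host", malicious=False, alerted=False),      # TN
    Event("credential-phish mail", malicious=True, alerted=True),     # TP
    Event("port sweep from outside", malicious=True, alerted=True),   # TP
    Event("unrecognized C2 beacon", malicious=True, alerted=False),   # FN: unknown attack let through
    Event("backup job traffic", malicious=False, alerted=False),      # TN
    Event("software update check", malicious=False, alerted=False),   # TN
]


if __name__ == "__main__":
    cm = confusion_matrix(SAMPLE_EVENTS)
    for e in SAMPLE_EVENTS:
        print(f"{e.name:28s} -> {status(e.malicious, e.alerted)}")
    print(cm)
    print(metrics(cm))
```

Running it over the sample gives 2 true positives, 1 false positive, 1 false negative and 4 true negatives, so precision and recall are both 2/3 and the false-positive rate is 0.2. The single false negative (the unrecognized beacon) is what drags recall down, which is the numeric form of the point above that a missed attack costs more than a false alarm: a false positive costs an analyst's time, a false negative leaves the attack running.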