From 2bc5c46158c62eef5ef6bc1b60fa354065a12de0 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Tue, 4 Oct 2022 10:48:56 +0200
Subject: [PATCH] stream/rules: disable depth rule by default
---
 rules/stream-events.rules | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/rules/stream-events.rules b/rules/stream-events.rules
index a267331875..7ffeb6b5d3 100644
--- a/rules/stream-events.rules
+++ b/rules/stream-events.rules
@@ -98,6 +98,8 @@ alert tcp any any -> any any (msg:"SURICATA STREAM FIN SYN reuse"; stream-event:
 # Disabled by default as this quite common and not malicious.
 #alert tcp any any -> any any (msg:"SURICATA STREAM spurious retransmission"; stream-event:pkt_spurious_retransmission; classtype:protocol-command-decode; sid:2210061; rev:1;)
-alert tcp any any -> any any (msg:"SURICATA STREAM reassembly depth reached"; stream-event:reassembly_depth_reached; classtype:protocol-command-decode; sid:2210062; rev:1;)
+# Depth setting reached for a stream. Very common in normal traffic, so disable by default.
+#alert tcp any any -> any any (msg:"SURICATA STREAM reassembly depth reached"; stream-event:reassembly_depth_reached; classtype:protocol-command-decode; sid:2210062; rev:1;)
+
 # next sid 2210063
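Review bot: The new comment above sid 2210062 says why the rule is disabled but not what an operator loses by leaving it off. As far as I understand the event, once a flow reaches the reassembly depth the remaining stream data is no longer reassembled for inspection, so this alert is the rule-level signal that a flow went partly uninspected. I would add a second comment line such as `# Data beyond the depth is not inspected; enable this rule to audit coverage against stream.reassembly.depth.` so the trade-off is visible where the rule is toggled. Keeping the sid and rev unchanged looks right, since deployments that explicitly enable sid 2210062 should keep working.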