aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

userguide/upgrade: add note about alerts' increase

Browse Source 
With triggering stream reassembly early, since for certain types of
rules there may be more alerts triggered - even in IPS mode, make this
clear in the upgrading section.

Bug #7026
pull/11271/head
Juliana Fajardini 1 year ago committed by Victor Julien
parent bb45ac71ef
commit 43b998aa73
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File

3
doc/userguide/upgrade.rst
Unescape Escape View File

@ -57,6 +57,9 @@ Major changes
Instead, both the SDP parser and logger depend on being invoked by another parser (or logger).
- ARP decoder and logger have been introduced.
Since ARP can be quite verbose and produce many events, the logger is disabled by default.
- It is possible to see an increase of alerts, for the same rule-sets, if you
use many stream/payload rules, due to Suricata triggering TCP stream
reassembly earlier.
Upgrading 6.0 to 7.0
--------------------

Write Preview
Loading…
Cancel
Save