aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

userguide/upgrade: add note about alerts' increase

Browse Source 
With triggering stream reassembly early, since for certain types of
rules there may be more alerts triggered - even in IPS mode, make this
clear in the upgrading section.

Bug #7026
pull/11271/head
Juliana Fajardini 2 years ago committed by Victor Julien
parent bb45ac71ef
commit 43b998aa73
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File

3
doc/userguide/upgrade.rst
Unescape Escape View File

@ -57,6 +57,9 @@ Major changes
Instead, both the SDP parser and logger depend on being invoked by another parser (or logger). Instead, both the SDP parser and logger depend on being invoked by another parser (or logger).
- ARP decoder and logger have been introduced. - ARP decoder and logger have been introduced.
Since ARP can be quite verbose and produce many events, the logger is disabled by default. Since ARP can be quite verbose and produce many events, the logger is disabled by default.
- It is possible to see an increase of alerts, for the same rule-sets, if you
use many stream/payload rules, due to Suricata triggering TCP stream
reassembly earlier.
Upgrading 6.0 to 7.0 Upgrading 6.0 to 7.0
-------------------- --------------------

Write Preview
Loading…
Cancel
Save