From 4aa4ad3f7406acc4c69dd93f0a8193729240cfc9 Mon Sep 17 00:00:00 2001
From: Jeff Lucovsky
Date: Tue, 12 Jul 2022 09:07:49 -0400
Subject: [PATCH] stream/rules: add example rule for reassembly depth

Issue: 3512
---
 rules/stream-events.rules | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/rules/stream-events.rules b/rules/stream-events.rules
index 66998449d9..a267331875 100644
--- a/rules/stream-events.rules
+++ b/rules/stream-events.rules
@@ -98,5 +98,6 @@ alert tcp any any -> any any (msg:"SURICATA STREAM FIN SYN reuse"; stream-event:
 # Disabled by default as this quite common and not malicious.
 #alert tcp any any -> any any (msg:"SURICATA STREAM spurious retransmission"; stream-event:pkt_spurious_retransmission; classtype:protocol-command-decode; sid:2210061; rev:1;)
-# next sid 2210062
+alert tcp any any -> any any (msg:"SURICATA STREAM reassembly depth reached"; stream-event:reassembly_depth_reached; classtype:protocol-command-decode; sid:2210062; rev:1;)
+# next sid 2210063
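Review bot: The new sid 2210062 rule is added enabled and with no comment of its own, directly after the commented-out spurious-retransmission rule and its "Disabled by default" remark. It matches `any any -> any any`, so every TCP stream that exceeds the configured reassembly depth would presumably raise it, and large transfers make that routine on most networks. The subject calls it an example rule, which suggests it was meant to ship disabled like the rule above it. I would prefix the rule with `#` and add a comment such as `# Reassembly depth reached: data beyond stream.reassembly.depth is not reassembled for inspection. Common in normal traffic, so disabled by default.` That comment also tells an operator who enables it that the event marks an inspection gap rather than malicious traffic.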