mirror of https://github.com/OISF/suricata
cybersecurity, ids, intrusion-detection-system, intrusion-prevention-system, ips, network-monitor, network-monitoring, nsm, security, suricata, threat-hunting
Instead of the binary yes/no whitelisting used so far, use different values for different sorts of whitelist reasons. The port list will be sorted by whitelist value first, then by rule count.

The goal is to whitelist groups that have weak sigs:

- 1 byte pattern groups

- SYN sigs

  Rules that check for SYN packets are mostly scan detection rules. They will be checked often as SYN packets are very common.

  e.g. alert tcp any any -> any 22 (flags:S,12; sid:123;)

  This patch adds whitelisting for SYN-sigs, so that the sigs end up in as unique groups as possible.

- negated mpm sigs

  Currently negated mpm sigs are inspected often, so they are quite expensive. For this reason, try to whitelist them.

These values are set during 'stage 1', rule preprocessing.

Latest commit | 9 years ago | |
---|---|---|
benches | 16 years ago | |
contrib | 10 years ago | |
doc | 11 years ago | |
lua | 11 years ago | |
m4 | 16 years ago | |
qa | 9 years ago | |
rules | 9 years ago | |
scripts | 10 years ago | |
src | 9 years ago | |
.gitignore | 12 years ago | |
.travis.yml | 10 years ago | |
COPYING | 10 years ago | |
ChangeLog | 9 years ago | |
LICENSE | 10 years ago | |
Makefile.am | 10 years ago | |
Makefile.cvs | 16 years ago | |
acsite.m4 | 16 years ago | |
autogen.sh | 13 years ago | |
classification.config | 15 years ago | |
config.rpath | 12 years ago | |
configure.ac | 9 years ago | |
doxygen.cfg | 11 years ago | |
reference.config | 11 years ago | |
suricata.yaml.in | 9 years ago | |
threshold.config | 13 years ago |