Bug #204: Alert requiring flowbit to be set not firing. - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #204

closed

JI PR

Alert requiring flowbit to be set not firing.

Bug #204: Alert requiring flowbit to be set not firing.

Added by Jason Ish almost 16 years ago. Updated over 15 years ago.

Status:

Closed

Priority:

High

Assignee:

Pablo Rincon

Target version:

1.0.1

Affected Versions:

Effort:

Difficulty:

Label:

Description

Using VRT registered rules for Snort 2.8.5.3.

Sid 16435 in policy.rules requires the flowbit in sid 16425 (web-client.rules) to be set before it will alert. In the default suricata.yaml, policy.rules is loaded before web-client.rules and sid 16435 does not alert. Sid 16435 will alert if web-client.rules is listed before policy.rules in the configuration file.

History
Notes
Property changes

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Bug #204

Alert requiring flowbit to be set not firing.

VJ Updated by Victor Julien almost 16 years ago Actions
Copy link
#1

VJ Updated by Victor Julien almost 16 years ago Actions
Copy link
#2

VJ Updated by Victor Julien over 15 years ago Actions
Copy link
#3

Project

General

Profile

Suricata

Custom queries

Bug #204

Alert requiring flowbit to be set not firing.

VJ Updated by Victor Julien almost 16 years ago ActionsCopy link #1

VJ Updated by Victor Julien almost 16 years ago ActionsCopy link #2

VJ Updated by Victor Julien over 15 years ago ActionsCopy link #3

VJ Updated by Victor Julien almost 16 years ago Actions
Copy link
#1

VJ Updated by Victor Julien almost 16 years ago Actions
Copy link
#2

VJ Updated by Victor Julien over 15 years ago Actions
Copy link
#3