Bug #204
closed
Alert requiring flowbit to be set not firing.
Added by Jason Ish over 14 years ago.
Updated over 14 years ago.
Description
Using VRT registered rules for Snort 2.8.5.3.
Sid 16435 in policy.rules requires the flowbit in sid 16425 (web-client.rules) to be set before it will alert. In the default suricata.yaml, policy.rules is loaded before web-client.rules and sid 16435 does not alert. Sid 16435 will alert if web-client.rules is listed before policy.rules in the configuration file.
- Due date set to 07/09/2010
- Status changed from New to Assigned
- Assignee set to Anoop Saldanha
- Target version set to 1.0.1
- Estimated time set to 3.00 h
Shouldn't the sigordering make sure a sig that sets a flowbit is before one that needs it to be set?
- Due date changed from 07/09/2010 to 07/23/2010
- Assignee changed from Anoop Saldanha to Pablo Rincon
- Priority changed from Normal to High
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
Patch applied, thanks Pablo. Commit 0c3906a99b02fe86faa4f3af72562321945180b2
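The ordering idea raised in the comments above (a signature that sets a flowbit is evaluated before one that tests it), as an added example: this is not Suricata's code and not the patch from the commit, and the sids, flowbit name and rule bodies are constructed for illustration, not the VRT rules from the report.

```python
import re
from collections import defaultdict

# Constructed rules (NOT the VRT sids from the report), listed in the
# problematic load order: the flowbit checker is loaded before the setter.
RULES = [
    'alert tcp any any -> any any (msg:"checker"; flowbits:isset,demo.file; content:"B"; sid:1000002;)',
    'alert tcp any any -> any any (msg:"setter"; content:"A"; flowbits:set,demo.file; flowbits:noalert; sid:1000001;)',
    'alert tcp any any -> any any (msg:"independent"; content:"C"; sid:1000003;)',
]

FLOWBIT_RE = re.compile(r'flowbits:\s*(\w+)\s*(?:,\s*([^;\s]+))?\s*;')
SID_RE = re.compile(r'\bsid:\s*(\d+)\s*;')
WRITE_OPS = {"set", "unset", "toggle"}   # assumption: any state change counts as a write
READ_OPS = {"isset", "isnotset"}

def parse(rule):
    """Return (sid, flowbits written, flowbits read) for one rule string."""
    sid = int(SID_RE.search(rule).group(1))
    writes, reads = set(), set()
    for op, name in FLOWBIT_RE.findall(rule):
        if op in WRITE_OPS:
            writes.add(name)
        elif op in READ_OPS:
            reads.add(name)
    return sid, writes, reads

def order_rules(rules):
    """Stable dependency sort: writers of a flowbit come before its readers."""
    parsed = [parse(r) for r in rules]
    writers = defaultdict(set)
    for i, (_, writes, _) in enumerate(parsed):
        for name in writes:
            writers[name].add(i)
    deps = [set() for _ in rules]
    for i, (_, _, reads) in enumerate(parsed):
        for name in reads:
            deps[i] |= writers[name] - {i}   # a rule never waits on itself
    ordered, placed = [], set()
    while len(ordered) < len(rules):
        ready = [i for i in range(len(rules)) if i not in placed and deps[i] <= placed]
        if not ready:  # dependency cycle: fall back to the original load order
            ready = [next(i for i in range(len(rules)) if i not in placed)]
        placed.add(ready[0])
        ordered.append(parsed[ready[0]][0])
    return ordered

if __name__ == "__main__":
    print(order_rules(RULES))
```

Rules without flowbit dependencies keep their relative load order, so the result does not depend on which rule file is listed first in the configuration.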