Bug #2372: Non-deterministic behavior when encountering duplicated SIDs - Suricata-Update - Open Information Security Foundation

Actions

Copy link

Bug #2372

closed

Non-deterministic behavior when encountering duplicated SIDs

Added by Nick Price over 6 years ago. Updated over 4 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Jason Ish

Target version:

1.1.0rc1

Affected Versions:

1.0.0b1

Effort:

Difficulty:

Label:

Description

Long story short, because suricata-update reads commented-out rules in addition to normal rules, things get really weird if you have one .rules file with a SID commented out and a separate .rules file without it commented out, and doubly so if you're trying to threshold those rules using threshold.in.

I was doing this as a way to enable rules that were commented-out by default in rulesets that I downloaded, rather than by modifying the files each time they were pulled down.

We should probably fire off a warning or something if suricata-update encounters a SID that it thinks it already knows about.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata » Suricata-Update

Bug #2372

Non-deterministic behavior when encountering duplicated SIDs

Updated by Jason Ish over 6 years ago

Updated by Victor Julien almost 6 years ago

Updated by Victor Julien over 5 years ago

Updated by Jason Ish over 5 years ago

Updated by Jason Ish about 5 years ago

Updated by Shivani Bhardwaj almost 5 years ago

Updated by Jason Ish over 4 years ago

Updated by Shivani Bhardwaj over 4 years ago

Updated by Jason Ish over 4 years ago