Actions
Documentation #5465
opendoc/userguide: document terminating behavior of rule actions
Affected Versions:
Effort:
Difficulty:
Label:
Description
Various actions have different "terminating behaviors" in different scenarios.
e.g.:
alert will not terminate, but is limited to a max number of alerts per packet in the output
pass will immediately stop logging more alerts for the same packet and future alerts in the flow
drop will currently log all alerts for a packet, then drop the rest of the flow
Updated by Victor Julien almost 2 years ago
Once we have fully documented the current behavior we need to consider if the behavior actually makes sense. If changes are needed we can track that in a new ticket.
Updated by Victor Julien almost 2 years ago
- Target version changed from 7.0.0-beta1 to 7.0.0-rc1
Updated by Victor Julien over 1 year ago
- Target version changed from 7.0.0-rc1 to 7.0.0-rc2
Updated by Juliana Fajardini Reichow over 1 year ago
- Tracker changed from Task to Documentation
Updated by Victor Julien over 1 year ago
- Target version changed from 7.0.0-rc2 to 8.0.0-beta1
Updated by Victor Julien 18 days ago
- Assignee changed from Juliana Fajardini Reichow to OISF Dev
Actions