Project

General

Profile

Actions

Documentation #5487

open

userguide: add explanation on how depth of inspection affects rules

Added by Juliana Fajardini Reichow about 2 months ago. Updated about 2 months ago.

Status:
New
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

If a rule is meant to inspect something that is too far/deep in the stream, that rule might not yield the expected results.

Explain that in our rule documentation to help save time and set expectations...

The analysis on https://redmine.openinfosecfoundation.org/issues/5176#note-2 may help showcase this behavior.

Actions #1

Updated by Juliana Fajardini Reichow about 2 months ago

  • Description updated (diff)
Actions

Also available in: Atom PDF