Project

General

Profile

Actions

Documentation #5487

open

userguide: add explanation on how depth of inspection affects rules

Added by Juliana Fajardini Reichow over 2 years ago. Updated over 2 years ago.

Status:
New
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

If a rule is meant to inspect something that is too far/deep in the stream, that rule might not yield the expected results.

Explain that in our rule documentation to help save time and set expectations...

The analysis on https://redmine.openinfosecfoundation.org/issues/5176#note-2 may help showcase this behavior.

Actions

Also available in: Atom PDF