Documentation #5910
opendevguide: explain possible differences in data inspection with inline stream or not
Affected Versions:
Effort:
Difficulty:
Label:
Description
The inline stream engine controls when and how data is inspected. In some cases, this may result in an asymmetry when traffic is inspected in inline mode or not (e.g. it would be possible to see [one] extra alert in inline mode when compared to non-inline mode).
When: ACKed or non-ACKed data.
How: by [ACKed] chunks?
This seems important to document, as in some cases (say, when running similar tests in IDS vs IPS mode) there could be a mismatch in the number of alerts generated due to that.
Updated by Victor Julien 5 months ago
- Target version changed from 8.0.0-beta1 to 8.0.0-rc1
Updated by Victor Julien 18 days ago
- Target version changed from 8.0.0-rc1 to 8.0.0
Updated by Juliana Fajardini Reichow 5 days ago
- Related to Documentation #5513: userguide: add a chapter for IPS mode added
Updated by Juliana Fajardini Reichow 5 days ago
- Related to Documentation #4351: doc: explain the engine logic to trigger inspection of TCP data added
Updated by Victor Julien 5 days ago
- Target version changed from 8.0.0 to 9.0.0-beta1