Feature #2906
Updated by Victor Julien over 5 years ago
Suricata-update comes with the function This commit adds functionality that ensures that previously disabled rules that depend on flowbits will get enabled recursively until all by flowbit dependencies/conflicts are resolved. This leads to the following problem: Rules that have been previously disabled (e.g. in disable.conf) dependencies will get enabled and could produce a lot of noise (e.g. ET INFO rules that match on vulnerable Java versions). I would suggest to add receive the flowbits:noalert option, if --flowbit-no-alert option "flowbit-no-alert" to enable flowbit dependencies "silently" and no alerts gets triggered for those rules. is set.