Project

General

Profile

Feature #2906

Updated by Victor Julien over 5 years ago

Suricata-update comes with the function This commit adds functionality that ensures that previously 
 disabled rules that depend on flowbits will get enabled recursively until all by flowbit dependencies/conflicts are resolved. This leads to the following problem: Rules that have been previously disabled (e.g. in disable.conf) dependencies will get enabled and could produce a lot of noise (e.g. ET INFO rules that match on vulnerable Java versions). I would suggest to add receive 
 the flowbits:noalert option, if --flowbit-no-alert option "flowbit-no-alert" to enable flowbit dependencies "silently" and no alerts gets triggered for those rules. is set.

Back