Feature #4121
Updated by Victor Julien over 3 years ago
Originally reported as a bug with a single sig, this is really about properly supporting the file inspection API.
Adding @alert http2 any any -> any any (flow:established,to_client; filemd5:test.md5; sid:5; rev:1;)@ with @15560fc6a1e4845498d8d952691afb11@ in test.md5 should trigger just a single alert in SV test http2-basic, yet it generates 23 alerts.
Setting private as this first triggers #4120.