Open Information Security Foundation

02/28/2019

01:20 PM Suricata Bug #2847: Confusing warning “Rule is inspecting both directions” when inspecting engine analysis output

Oh, I see. And even if <-> is used, the rule only should specify where it should do the inspection, regardless of who... Samu Voutilainen

07:30 AM Suricata Bug #2847: Confusing warning “Rule is inspecting both directions” when inspecting engine analysis output

Oka, thanks for the information. I guess that warning makes sense, though I assume there will be some false positives... Samu Voutilainen

02/27/2019

05:32 AM Suricata Bug #2847: Confusing warning “Rule is inspecting both directions” when inspecting engine analysis output

My output was from @suricata --dump-config@. Config has similar to what you tested.
Is there anything I could do t... Samu Voutilainen

02/26/2019

05:32 AM Suricata Bug #2847: Confusing warning “Rule is inspecting both directions” when inspecting engine analysis output

Andreas Herz wrote:
> how are HOME_NET and EXTERNAL_NET configured?
EXTERNAL_NET is just negation of HOME_NET:
... Samu Voutilainen

02/25/2019

05:06 PM Suricata Bug #2847 (Closed): Confusing warning “Rule is inspecting both directions” when inspecting engine analysis output

Hi,
I’ve been investigating engine analysis output for my rules, and it seems that most of the the warnings are co... Samu Voutilainen