[Oisf-users] libhtp defaults in suricata.yaml
Victor Julien
victor at inliniac.net
Tue Aug 14 07:05:32 UTC 2012
On 08/10/2012 07:22 PM, Will Metcalf wrote:
>> ET distributes the default settings in its yaml. What sigs need
>> more?
>
> Good point :).. We will.
Do you have any data on what limits you need? I assume the rules are
written with certain limits in mind.
> On Fri, Aug 10, 2012 at 8:54 AM, Victor Julien
> <victor at inliniac.net> wrote:
>> On 08/08/2012 06:40 PM, Will Metcalf wrote:
>>> +1 :)
>>
>> ET distributes the default settings in its yaml. What sigs need
>> more?
>>
>>> Regards,
>>>
>>> Will
>>>
>>> On Wed, Aug 8, 2012 at 11:35 AM, Eoin Miller
>>> <eoin.miller at trojanedbinaries.com> wrote:
>>>> Wondering if we could increase the values slightly from 3072?
>>>> Missing a good deal of alerting because of these default
>>>> values. Below is default from suricata.yaml:
>>>>
>>>> ---SNIP---
>>>> libhtp:
>>>>
>>>>   default-config:
>>>>     personality: IDS
>>>>     # Can be specified in kb, mb, gb. Just a number indicates
>>>>     # it's in bytes.
>>>>     request-body-limit: 3072
>>>>     response-body-limit: 3072
>>>> ---SNIP---
>>>>
>>>>
>>>> Maybe something more like:
>>>>
>>>> ---SNIP---
>>>> libhtp:
>>>>
>>>>   default-config:
>>>>     personality: IDS
>>>>     # Can be specified in kb, mb, gb. Just a number indicates
>>>>     # it's in bytes.
>>>>     request-body-limit: 128kb
>>>>     response-body-limit: 512kb
>>>> ---SNIP---
>>>>
>>>>
>>>> -- Eoin
>>>> _______________________________________________
>>>> Oisf-users mailing list
>>>> Oisf-users at openinfosecfoundation.org
>>>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> --
>> ---------------------------------------------
>> Victor Julien
>> http://www.inliniac.net/
>> PGP: http://www.inliniac.net/victorjulien.asc
>> ---------------------------------------------
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
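One way to gather the data asked about in this thread, as an added example that is not part of the original messages or of Suricata itself: given the body offsets at which rule matches end, it lists which matches fall outside the default 3072-byte limits and outside the proposed 128kb/512kb limits. The observation names and offsets are constructed, and the 1024-based units and the first-N-bytes inspection model are assumptions.

```python
import re

# Assumption: kb/mb/gb are 1024-based; a bare number is bytes, as the
# suricata.yaml comment quoted in the thread says.
_UNITS = {"": 1, "kb": 1024, "mb": 1024 ** 2, "gb": 1024 ** 3}
_SIZE_RE = re.compile(r"^\s*(\d+)\s*(kb|mb|gb)?\s*$", re.IGNORECASE)


def parse_size(value):
    """Convert a body-limit value such as 3072 or '128kb' to bytes."""
    m = _SIZE_RE.match(str(value))
    if not m:
        raise ValueError(f"unparseable size: {value!r}")
    return int(m.group(1)) * _UNITS[(m.group(2) or "").lower()]


def uninspected(observations, request_limit, response_limit):
    """Return observations whose match ends past the inspected body window.
    Simplified model (assumption): only the first <limit> bytes of each
    body reach inspection, so a match ending beyond the limit cannot alert.
    """
    limits = {"request": parse_size(request_limit),
              "response": parse_size(response_limit)}
    return [o for o in observations if o["match_end"] > limits[o["direction"]]]


def smallest_sufficient_limits(observations):
    """Smallest byte limits per direction that would cover every observation."""
    need = {"request": 0, "response": 0}
    for o in observations:
        need[o["direction"]] = max(need[o["direction"]], o["match_end"])
    return need


# Constructed sample data: number of body bytes consumed when a rule's
# content match ends. Names and offsets are invented for illustration.
OBSERVATIONS = [
    {"name": "post-param", "direction": "request", "match_end": 812},
    {"name": "upload-marker", "direction": "request", "match_end": 3073},
    {"name": "packed-script", "direction": "response", "match_end": 40000},
    {"name": "embedded-object", "direction": "response", "match_end": 300000},
    {"name": "trailing-payload", "direction": "response", "match_end": 600000},
]

if __name__ == "__main__":
    for req, resp in ((3072, 3072), ("128kb", "512kb")):
        missed = [o["name"] for o in uninspected(OBSERVATIONS, req, resp)]
        print(f"request={req} response={resp}: missed {missed}")
    print("needed:", smallest_sufficient_limits(OBSERVATIONS))
```

Replacing the constructed observations with offsets measured from a rule set's test traffic gives a per-direction figure to compare against any candidate limit.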