[Oisf-users] Where is info on the meaning of alerts?

James Moe jimoe at sohnen-moe.com
Sun May 10 07:23:23 UTC 2015


Hello,
  suricata 2.0.7

  Where can I find information about alerts? In particular:
- What is the alert about?
- Why is the alert significant?

  For instance, "SURICATA STREAM ESTABLISHED retransmission packet
before last ack". What is significant about the retransmission? Why is
it considered dubious?
  Or "SURICATA HTTP Host header ambiguous". I cannot even parse that one.

  Is there somewhere that discusses the implications of the classes
of possible intrusion alerts?

-- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
