[Oisf-users] Where is info on the meaning of alerts?

James Moe jimoe at sohnen-moe.com
Sun May 10 07:23:23 UTC 2015

  suricata 2.0.7

  Where can find information about alerts? In particular:
- What is the alert is about?
- Why is the alert is significant?

  For instance, "SURICATA STREAM ESTABLISHED retransmission packet
before last ack". What is significant about the retransmission? Why is
it considered dubious?
  Or "SURICATA HTTP Host header ambiguous". I cannot even parse that one.

  Is there somewhere that discusses the implications of at the classes
of possible intrusion alerts?

James Moe
moe dot james at sohnen-moe dot com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20150510/a1ce5d66/attachment.pgp>

More information about the Oisf-users mailing list