[Oisf-users] Making Suricata Alert Per Matching Packet

Cooper F. Nelson cnelson at ucsd.edu
Mon Apr 11 22:32:22 UTC 2016


Did you try the text-only alerts?

On 4/11/2016 3:30 PM, Shane Boissevain wrote:
> So I guess my refined-refined question is:
> Should the above "Test Rule 2" IP-Only Signature (with no thresholding in
> place) trip on every packet seen from 10.0.0.100, or only on the first
> packet of the session? It seems intuitive to me that it would trip on every
> packet, but this is not the behavior I'm experiencing.
> 
> ~ Shane


-- 
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042
