userguide/upgrade: add note about alerts' increase
With triggering stream reassembly early, since for certain types of
rules there may be more alerts triggered - even in IPS mode, make this
clear in the upgrading section.

Bug OISF#7026
jufajardini authored and victorjulien committed Jun 7, 2024
1 parent bb45ac7 commit 43b998a
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions doc/userguide/upgrade.rst
Expand Up @@ -57,6 +57,9 @@ Major changes
Instead, both the SDP parser and logger depend on being invoked by another parser (or logger).
- ARP decoder and logger have been introduced.
Since ARP can be quite verbose and produce many events, the logger is disabled by default.
- It is possible to see an increase of alerts, for the same rule-sets, if you
use many stream/payload rules, due to Suricata triggering TCP stream
reassembly earlier.

Upgrading 6.0 to 7.0
--------------------
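
Review bot: the new bullet (added lines 60-62 of doc/userguide/upgrade.rst) leaves out the one detail the commit message singles out, that the extra alerts can appear even in IPS mode, so a reader running inline cannot tell whether the note applies to them. Suggest stating it in the bullet, for example ending with "due to Suricata triggering TCP stream reassembly earlier. This also applies in IPS mode." Two smaller points on the same lines: "an increase of alerts" reads better as "an increase in alerts", and a pointer to the ticket named in the commit message (OISF#7026) would give readers the background for why identical rule-sets now produce more alerts.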