Snort mailing list archives
Disabling Preprocessor/Decoder rules
From: Lauren Proehl <lauren.proehl () unitedlex com>
Date: Fri, 29 Jul 2016 14:35:08 +0000
Snort Users, Wondering if you all can help me. A new analyst accidentally enabled preproc rules last night and couldn’t figure out how to turn them off. I managed to edit the pulledpork conf and stop them from downloading, but wondering if there is a way to fine tune these rules better, i.e. Disablesid.conf snort.conf or threshold.conf. (Rule Ex: stream5: TCP Timestamp is missing) Regards, LP
------------------------------------------------------------------------------
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Disabling Preprocessor/Decoder rules Lauren Proehl (Jul 29)