Optimization #5180
open
detect/alert: make sure that signatures with `drop` action are respected, even if the alert is discarded
Added by Juliana Fajardini Reichow over 2 years ago.
Updated over 1 year ago.
Description
Considering that an alert could be discarded from the packet queue due to queue size limitations, we must consider how signatures with the `drop` action are still taken into account, even if the respective alert is dropped.
I guess... thought must also be given with regard to how we indicate what is going on with said traffic, even if the alert isn't kept. Debug log? Specific stats counter?
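A minimal sketch of the concern in the description, added here as an illustration and not taken from Suricata's code: the drop verdict is recorded before the queue-capacity check, and two counters record what the size limit cost. All names (`PacketState`, `packet_add_match`, `ALERT_QUEUE_MAX`, the action flags, the counters) and the sample matches are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define ALERT_QUEUE_MAX 2      /* constructed limit, kept tiny for the demo */
#define ACTION_ALERT    0x01   /* hypothetical action flags */
#define ACTION_DROP     0x02
typedef struct { uint32_t sid; uint8_t action; } SigMatch;
typedef struct {
    uint32_t queued_sids[ALERT_QUEUE_MAX]; /* alerts kept for logging */
    int      queued;
    bool     verdict_drop;        /* enforcement state, independent of the queue */
    unsigned alerts_discarded;    /* every alert lost to the size limit */
    unsigned drops_without_alert; /* drop rules enforced but not logged */
} PacketState;

/* Record one match. The verdict is set before the capacity check, so a full
 * queue can lose the log entry but never the enforcement decision. */
static void packet_add_match(PacketState *p, const SigMatch *m)
{
    if (m->action & ACTION_DROP)
        p->verdict_drop = true;
    if (p->queued < ALERT_QUEUE_MAX) {
        p->queued_sids[p->queued++] = m->sid;
        return;
    }
    p->alerts_discarded++;
    if (m->action & ACTION_DROP)
        p->drops_without_alert++;
}

/* Constructed input: alert-only matches overflow the queue, then a drop rule matches. */
static PacketState demo_run(void)
{
    static const SigMatch matches[] = {
        {1001, ACTION_ALERT}, {1002, ACTION_ALERT},
        {1003, ACTION_ALERT}, {2001, ACTION_ALERT | ACTION_DROP},
    };
    PacketState p = {0};
    for (size_t i = 0; i < sizeof(matches) / sizeof(matches[0]); i++)
        packet_add_match(&p, &matches[i]);
    return p;
}

int main(void)
{
    PacketState p = demo_run();
    printf("drop=%d queued=%d discarded=%u unlogged_drops=%u\n",
           p.verdict_drop, p.queued, p.alerts_discarded, p.drops_without_alert);
    return 0;
}
```

A non-zero `drops_without_alert` is the case the description asks about: traffic was blocked with no alert record to explain it.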
- Subject changed from detect/alert: make sure that signature with `drop` action are respected, even if the alert is discarded to detect/alert: make sure that signatures with `drop` action are respected, even if the alert is discarded
- Status changed from New to In Progress
- Status changed from In Progress to Assigned
Will stop current work on this issue because we will try to follow the approach for #4943.
- Target version changed from TBD to 7.0.0-beta1
- Status changed from Assigned to In Progress
- Target version changed from 7.0.0-beta1 to 7.0.0-rc1
- Tracker changed from Task to Optimization
- Target version changed from 7.0.0-rc1 to 7.0.0-rc2
- Target version changed from 7.0.0-rc2 to 8.0.0-beta1