Documentation #5487
Updated by Juliana Fajardini Reichow about 2 years ago
If a rule is meant to inspect something that is too far/deep in the stream, that rule might not yield the expected results.
Explain that in our rule documentation to help save time and set expectations...
The analysis on https://redmine.openinfosecfoundation.org/issues/5176#note-2 may help showcase this behavior.