[Snort-sigs] threshold --> detection_filter
jason.r.wallace at ...2420...
Fri Sep 18 12:51:09 EDT 2009
OK, I guess I'll be the first one to ask...
After my new install of snort-2.8.5 failed to start with...
Warning: /etc/snort/rules/vrt/dns.rules(59) => threshold (in rule) is
deprecated; use detection_filter instead.
And then reading...
It looks to me like I need to replace...
"threshold: type threshold,"
"threshold: type both,"
with... "detection_filter:" in all the rules that use a threshold.
Is that an accurate statement of what I need to do with these rules?
When will snortrules-snapshot-CURRENT.tar.gz for registered users be
updated with these changes?
Shouldn't that have been done prior to/at the time of the release of 2.8.5?
More information about the Snort-sigs