[Snort-sigs] Question About Threshholds

Miso Patel miso.patel at ...2420...
Wed Mar 20 11:40:10 EDT 2013


I apologize for a simple question but I was hoping for some clarity on a
situation from my engineers.

If a Snort signature is threshold (using the "limit" option), does this
just limit alerts and does the dropping of this traffic if this rule is
written to drop and the Snort is in "IPS mode" still happen even if the
threshold is causing not all alerts to be generated?

I think it does  but the Snort manual does not make this clear or I am not
reading the right pages.

Thanks.

-Miso, CISO
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20130320/b0160547/attachment.html>


More information about the Snort-sigs mailing list