Shawn.Jefferson at ...14448...
Tue Nov 10 13:32:40 EST 2009
I'm looking at tuning the http_inspect pre-processor, specifically some of the false positives I get from this.
My question is, if you set some of these options:
Will that affect the ability for snort to process some of the http specific rules in the ruleset? Does it affect the normalization of http traffic, or just turn off these specific alerts?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users