[Snort-users] Notes for Community rule 29456
jthoel at ...11827...
Thu Jan 23 19:50:32 EST 2014
We had to add a few things to this rule to not alert on valid traffic.
I'm not sure if these should be in the rule, but they might help
NetApps do pings to DC's with no data, so with James's help, we found
that dsize:>10; made those alerts go away.
DC's were talking to other DC's:
And the "abcd...hi" was all upper case, and some devices send lower
case, so we added another !content with lowercase instead of using
'nocase' (to avoid maybe having something send via mixed case and get