stream/rules: add example rule for reassembly depth

author Jeff Lucovsky <jlucovsky@oisf.net>

Tue, 12 Jul 2022 13:07:49 +0000 (09:07 -0400)

committer Victor Julien <vjulien@oisf.net>

Fri, 5 Aug 2022 17:51:07 +0000 (19:51 +0200)
author Jeff Lucovsky <jlucovsky@oisf.net>
Tue, 12 Jul 2022 13:07:49 +0000 (09:07 -0400)
committer Victor Julien <vjulien@oisf.net>
Fri, 5 Aug 2022 17:51:07 +0000 (19:51 +0200)
diff --git a/rules/stream-events.rules b/rules/stream-events.rules

index 66998449d98ba131fe4a239a229202c06088f1f1..a267331875fa4fe383e7c0c8b08596cb9a5bfa78 100644 (file)
--- a/rules/stream-events.rules
+++ b/rules/stream-events.rules
@@ -98,5 +98,6 @@ alert tcp any any -> any any (msg:"SURICATA STREAM FIN SYN reuse"; stream-event:
  # Disabled by default as this quite common and not malicious.
  #alert tcp any any -> any any (msg:"SURICATA STREAM spurious retransmission"; stream-event:pkt_spurious_retransmission; classtype:protocol-command-decode; sid:2210061; rev:1;)
  
-# next sid 2210062
+alert tcp any any -> any any (msg:"SURICATA STREAM reassembly depth reached"; stream-event:reassembly_depth_reached; classtype:protocol-command-decode; sid:2210062; rev:1;)
+# next sid 2210063
author	Jeff Lucovsky <jlucovsky@oisf.net>
	Tue, 12 Jul 2022 13:07:49 +0000 (09:07 -0400)
committer	Victor Julien <vjulien@oisf.net>
	Fri, 5 Aug 2022 17:51:07 +0000 (19:51 +0200)