11-26-2018 01:11 AM
I have the same trouble in version 6.2.0.4
I can reproduce the problem :
- open a TCP session
- generate some bad request
- packet are drop by the sensor
- close the TCP session
Instead of multiple alert for each drop packet, it will generate a uniq alert.
This alert have the timestamp of the first bad request and "would have drop" status.