This overcomes the blindness that Snort has to own signatures split above a number of TCP packets. Suricata waits right until every one of the knowledge in packets is assembled prior to it moves the information into Investigation. Each party is logged, so this Component of the system is plan-neutral https://ids07307.blogsidea.com/39769405/how-much-you-need-to-expect-you-ll-pay-for-a-good-ids
