We just upgraded from 9.8.5 to 10.4. I am noticing that the SNORT rules that we had in place are not firing now. What seems to be the issue is the value in the CONTENT option. For 9.8.5 we pretty much used what the request was, either a GET or POST. Now it seems the only way to get the rule to fire is to have the CONTENT option to reflect a value in the URI that we are already checking with the PCRE. Has anybody else run inot this issue?
