Is it (or will it be) possible to auto-block external addresses that are located by the IDS and Suricata rules?
The alerts are fantastic for tracking down a misbehaving host. It isn't always possible to 1) get to it right away and 2) monitor threats realtime.
Or does it already do this and I'm not seeing a setting or understanding that enabling will do this.
Thank you as always.
			
			
			
				Currently it's not possible, the ips part is still on the todo list and will come available later on.