OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: pankaj on November 10, 2021, 08:53:47 AM

Title: Suricata - Threshold Config
Post by: pankaj on November 10, 2021, 08:53:47 AM


Hi,

Is there a way to leverage the threshold feature of Suricata to create suppression for known false positives within IDS alerts?
https://suricata.readthedocs.io/en/suricata-6.0.3/configuration/global-thresholds.html

Thanks,

Pankaj
Title: Re: Suricata - Threshold Config
Post by: Fright on November 12, 2021, 06:04:14 AM
Hi
Not tested, but it looks like you need to add a threshold-file directive to
/usr/local/opnsense/service/templates/OPNsense/IDS/custom.yaml
pointing to your thresholds config. Then add threshold.config
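A worked example added to this thread (not code from OPNsense, Suricata, or either poster): a constructed threshold.config using the `suppress` syntax from the Suricata global-thresholds page linked above, the `threshold-file:` line the reply suggests putting in custom.yaml, and a small matcher that applies those entries to constructed EVE alert records to show which alerts `track by_src`, `track by_dst`, and an untracked suppress would silence. The sig_ids, IP addresses, and the `/usr/local/etc/suricata/threshold.config` path are assumptions for illustration; `threshold-file` is the real Suricata YAML key.

```python
"""Added example for this thread (not OPNsense or Suricata code): a sample
threshold.config with suppress entries, the custom.yaml line the reply
suggests, and a small matcher that shows which EVE alerts those entries
would silence. Paths and sig_ids below are illustrative assumptions."""
import ipaddress
import json

# Constructed threshold.config. Suppress syntax follows the Suricata
# global-thresholds docs; the sig_ids are placeholders, not known FPs.
THRESHOLD_CONFIG = """\
# One noisy monitoring host: silence the rule only for traffic it sends.
suppress gen_id 1, sig_id 2100498, track by_src, ip 10.0.0.5
# A scanner subnet we own: silence the rule when it is the destination.
suppress gen_id 1, sig_id 2010935, track by_dst, ip 192.168.10.0/24
# Silence a rule everywhere (no track clause).
suppress gen_id 1, sig_id 2210000
"""

# Assumed line to add to the OPNsense custom.yaml template named in the
# reply; the threshold-file key is Suricata's, the path is an assumption.
CUSTOM_YAML = "threshold-file: /usr/local/etc/suricata/threshold.config\n"


def parse_suppress(text):
    """Parse 'suppress' lines. Handles a single ip/CIDR per entry; bracketed
    lists and address variables (which Suricata allows) are not parsed."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("suppress"):
            continue
        fields = {}
        for part in line[len("suppress"):].split(","):
            key, _, value = part.strip().partition(" ")
            fields[key] = value.strip()
        rules.append({
            "gen_id": int(fields.get("gen_id", 1)),
            "sig_id": int(fields["sig_id"]),
            "track": fields.get("track"),
            # None means: no track/ip clause, suppress the signature entirely.
            "net": ipaddress.ip_network(fields["ip"], strict=False)
                   if "ip" in fields else None,
        })
    return rules


def is_suppressed(alert, rules):
    """True if an EVE alert record matches any suppress entry."""
    gid, sid = alert["alert"]["gid"], alert["alert"]["signature_id"]
    src = ipaddress.ip_address(alert["src_ip"])
    dst = ipaddress.ip_address(alert["dest_ip"])
    for r in rules:
        if (r["gen_id"], r["sig_id"]) != (gid, sid):
            continue
        if r["net"] is None:
            return True
        tracked = {"by_src": [src], "by_dst": [dst], "by_either": [src, dst]}
        if any(ip in r["net"] for ip in tracked[r["track"]]):
            return True
    return False


def filter_alerts(eve_text, rules):
    """Split EVE alert lines into (kept, dropped) lists of signature_ids."""
    kept, dropped = [], []
    for line in eve_text.splitlines():
        rec = json.loads(line)
        if rec.get("event_type") != "alert":
            continue
        bucket = dropped if is_suppressed(rec, rules) else kept
        bucket.append(rec["alert"]["signature_id"])
    return kept, dropped


# Constructed EVE records (minimal fields only), one JSON object per line.
SAMPLE_EVE = "\n".join(json.dumps(r) for r in [
    {"event_type": "alert", "src_ip": "10.0.0.5", "dest_ip": "203.0.113.9",
     "alert": {"gid": 1, "signature_id": 2100498}},   # dropped: by_src hit
    {"event_type": "alert", "src_ip": "10.0.0.6", "dest_ip": "203.0.113.9",
     "alert": {"gid": 1, "signature_id": 2100498}},   # kept: other source
    {"event_type": "alert", "src_ip": "198.51.100.7", "dest_ip": "192.168.10.44",
     "alert": {"gid": 1, "signature_id": 2010935}},   # dropped: by_dst in /24
    {"event_type": "alert", "src_ip": "198.51.100.7", "dest_ip": "192.168.20.44",
     "alert": {"gid": 1, "signature_id": 2010935}},   # kept: outside the /24
    {"event_type": "alert", "src_ip": "198.51.100.7", "dest_ip": "192.168.20.44",
     "alert": {"gid": 1, "signature_id": 2210000}},   # dropped: untracked
    {"event_type": "flow", "src_ip": "10.0.0.5", "dest_ip": "203.0.113.9"},
])

if __name__ == "__main__":
    rules = parse_suppress(THRESHOLD_CONFIG)
    kept, dropped = filter_alerts(SAMPLE_EVE, rules)
    print("kept:", kept, "dropped:", dropped)
```

The matcher only models `suppress`; `threshold` and `rate_filter` entries from the same file are count-based and are not reproduced here. After pointing `threshold-file` at the real file, `suricata -T` with the generated configuration is the quickest way to catch a syntax error in threshold.config before it silently fails to load.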