Hello all,
Is there a set of rules that I should be setting as Drop only, rather than waiting for the alert and then dropping it? Would like to get ahead of the malicious actors if I could. My firewall and Suricata stood up to a very large brute force attack a couple of days ago... yea!
Thanks,
Steve