Suricata - Threshold Config

Started by pankaj, November 10, 2021, 08:53:47 AM



Hi,

Is there a way to leverage the threshold feature of Suricata to create suppression for known false positives within IDS alerts?
https://suricata.readthedocs.io/en/suricata-6.0.3/configuration/global-thresholds.html

Thanks,

Pankaj

Hi
Not tested, but it looks like you need to add the threshold-file directive to
/usr/local/opnsense/service/templates/OPNsense/IDS/custom.yaml
pointing to your thresholds config. Then add threshold.config.
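To make the two-step answer concrete, here is an added example that is not from either poster, from OPNsense, or from the Suricata project: a small Python linter for the threshold.config syntax described in the linked Suricata docs (suppress entries for known false positives, plus a threshold entry for rate-limiting), with a constructed sample file embedded. The sig_ids are placeholders in the local-rule range, the addresses are documentation ranges, and the path used in the threshold-file line is an assumption; check every line with this before pointing custom.yaml at the file, because Suricata rejects the whole file on a malformed entry.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample threshold.config. The sig_ids are placeholders in the
# local-rule range, not real rule ids; the addresses are documentation ranges.
SAMPLE_THRESHOLD_CONFIG = """\
# silence a rule everywhere (placeholder sid)
suppress gen_id 1, sig_id 1000001
# silence only when the known-good vulnerability scanner is the source
suppress gen_id 1, sig_id 1000002, track by_src, ip 10.20.30.40
# silence for whole monitoring subnets, whichever side they are on
suppress gen_id 1, sig_id 1000003, track by_either, ip [192.0.2.0/24,198.51.100.0/24]
# rate-limit a chatty rule to one alert per destination per minute instead of hiding it
threshold gen_id 1, sig_id 1000004, type limit, track by_dst, count 1, seconds 60
"""

# Line to add to the OPNsense custom.yaml named in the reply; the file path is an assumption.
CUSTOM_YAML_SNIPPET = "threshold-file: /usr/local/etc/suricata/threshold.config\n"

KINDS = {"suppress", "threshold", "event_filter", "rate_filter"}
SUPPRESS_TRACK = {"by_src", "by_dst", "by_either"}
THRESHOLD_TRACK = {"by_src", "by_dst", "by_rule", "by_both"}
THRESHOLD_TYPES = {"limit", "threshold", "both"}


class ThresholdConfigError(ValueError):
    """Raised with the offending line number when a line is malformed."""


@dataclass
class Entry:
    kind: str
    options: Dict[str, str]


def _split_top_level(body: str) -> List[str]:
    """Split on commas that are not inside an [ip,list] bracket."""
    parts, depth, cur = [], 0, []
    for ch in body:
        depth += ch == "["
        depth -= ch == "]"
        if ch == "," and depth == 0:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts


def _check_ip(value: str) -> None:
    """Accept a $VAR, a single address/CIDR, or a bracketed list; '!' negates."""
    if value.startswith("$"):
        return
    for item in value.strip("[]").split(","):
        ipaddress.ip_network(item.strip().lstrip("!"), strict=False)


def parse_line(line: str) -> Optional[Entry]:
    """Validate one line; returns None for blank lines and comments."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    kind, _, body = stripped.partition(" ")
    if kind not in KINDS:
        raise ThresholdConfigError(f"unknown keyword {kind!r}")
    opts: Dict[str, str] = {}
    for part in _split_top_level(body):
        key, _, value = part.strip().partition(" ")
        if not key or not value.strip():
            raise ThresholdConfigError(f"bad option {part.strip()!r}")
        opts[key] = value.strip()
    for key in ("gen_id", "sig_id"):
        if not opts.get(key, "").isdigit():
            raise ThresholdConfigError(f"{key} missing or not numeric")
    if kind == "suppress":
        if set(opts) - {"gen_id", "sig_id", "track", "ip"}:
            raise ThresholdConfigError("suppress accepts only gen_id, sig_id, track, ip")
        if ("track" in opts) != ("ip" in opts):
            raise ThresholdConfigError("suppress needs both track and ip, or neither")
        if "track" in opts:
            if opts["track"] not in SUPPRESS_TRACK:
                raise ThresholdConfigError(f"bad suppress track {opts['track']!r}")
            _check_ip(opts["ip"])
    else:
        if kind == "rate_filter":
            required = ("track", "count", "seconds", "new_action", "timeout")
        else:
            required = ("type", "track", "count", "seconds")
        missing = [k for k in required if k not in opts]
        if missing:
            raise ThresholdConfigError(f"{kind} missing {missing}")
        if kind != "rate_filter" and opts["type"] not in THRESHOLD_TYPES:
            raise ThresholdConfigError(f"bad type {opts['type']!r}")
        if opts["track"] not in THRESHOLD_TRACK:
            raise ThresholdConfigError(f"bad track {opts['track']!r}")
        for key in ("count", "seconds"):
            if not opts[key].isdigit():
                raise ThresholdConfigError(f"{key} must be an integer")
    return Entry(kind, opts)


def parse_config(text: str) -> List[Entry]:
    """Parse a whole threshold.config, reporting the first bad line with its number."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            entry = parse_line(line)
        except ValueError as exc:  # ipaddress errors are ValueErrors too
            raise ThresholdConfigError(f"line {lineno}: {exc}") from None
        if entry is not None:
            entries.append(entry)
    return entries


if __name__ == "__main__":
    for e in parse_config(SAMPLE_THRESHOLD_CONFIG):
        print(e.kind, e.options)
    print("custom.yaml line:", CUSTOM_YAML_SNIPPET.strip())
```

The design point is the difference between the entries: a bare `suppress` hides a rule everywhere, `track by_src`/`by_either` with `ip` limits the suppression to the host or subnet you have actually verified as benign, and `threshold ... type limit` keeps the alert visible but bounded. Prefer the narrower forms for false-positive handling so the rule still fires when the same behaviour comes from somewhere unexpected.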