Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Suricata - Threshold Config
« previous
next »
Print
Pages: [
1
]
Author
Topic: Suricata - Threshold Config (Read 3201 times)
pankaj
Full Member
Posts: 117
Karma: 5
Suricata - Threshold Config
«
on:
November 10, 2021, 08:53:47 am »
Hi,
Is there a way to leverage the threshold feature of Suricata to create suppression for known false positives within IDS alerts?
https://suricata.readthedocs.io/en/suricata-6.0.3/configuration/global-thresholds.html
Thanks,
Pankaj
Logged
Fright
Hero Member
Posts: 1777
Karma: 164
Re: Suricata - Threshold Config
«
Reply #1 on:
November 12, 2021, 06:04:14 am »
Hi
not tested but it looks like you need to add threshold-file directive to
/usr/local/opnsense/service/templates/OPNsense/IDS/custom.yaml
pointing to your thresholds config. then add threshold.config
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Suricata - Threshold Config