OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Intrusion Detection and Prevention »
  • Suricata - Threshold Config
« previous next »
  • Print
Pages: [1]

Author Topic: Suricata - Threshold Config  (Read 3200 times)

pankaj

  • Full Member
  • ***
  • Posts: 117
  • Karma: 5
    • View Profile
Suricata - Threshold Config
« on: November 10, 2021, 08:53:47 am »


Hi,

Is there a way to leverage the threshold feature of Suricata to create suppression for known false positives within IDS alerts?
https://suricata.readthedocs.io/en/suricata-6.0.3/configuration/global-thresholds.html

Thanks,

Pankaj
Logged

Fright

  • Hero Member
  • *****
  • Posts: 1777
  • Karma: 164
    • View Profile
Re: Suricata - Threshold Config
« Reply #1 on: November 12, 2021, 06:04:14 am »
Hi
not tested but it looks like you need to add threshold-file directive to
/usr/local/opnsense/service/templates/OPNsense/IDS/custom.yaml
pointing to your thresholds config. then add threshold.config
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Intrusion Detection and Prevention »
  • Suricata - Threshold Config
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2