fix suricata thresholding

2025-12-20 16:03:06 +01:00 · 2023-05-23 11:16:32 -04:00
parent eb633be437
commit cc47f9a595
3 changed files with 7 additions and 50 deletions
--- a/salt/suricata/thresholding/sids.yaml
+++ b/salt/suricata/thresholding/sids.yaml
@@ -1,44 +0,0 @@
-thresholding:
-  sids:
-    99999999999999999:
-      - threshold:
-          gen_id: 1
-          type: threshold
-          track: by_src
-          count: 10
-          seconds: 10
-      - threshold:
-          gen_id: 1
-          type: limit
-          track: by_dst
-          count: 100
-          seconds: 30
-      - rate_filter:
-          gen_id: 1
-          track: by_rule
-          count: 50
-          seconds: 30
-          new_action: alert
-          timeout: 30
-      - suppress:
-          gen_id: 1
-          track: by_either
-          ip: 10.10.3.7
-    99999999999999998:
-      - threshold:
-          gen_id: 1
-          type: limit
-          track: by_dst
-          count: 10
-          seconds: 10
-      - rate_filter:
-          gen_id: 1
-          track: by_src
-          count: 50
-          seconds: 20
-          new_action: pass
-          timeout: 60
-      - suppress:
-          gen_id: 1
-          track: by_src
-          ip: 10.10.3.0/24