suricata:
  thresholding:
    sids__yaml:
      description: Threshold SIDS List
      file: True
      syntax: yaml
      title: SIDS
      helpLink: suricata.html
  config:
    vars:
      address-groups:
        HOME_NET:
          description: List of hosts or networks.
          helpLink: suricata.html
        EXTERNAL_NET:
          description: List of hosts or networks.
          helpLink: suricata.html
        HTTP_SERVERS:
          description: List of hosts or networks.
          helpLink: suricata.html
        SMTP_SERVERS:
          description: List of hosts or networks.
          helpLink: suricata.html
        SQL_SERVERS:
          description: List of hosts or networks.
          helpLink: suricata.html
        DNS_SERVERS:
          description: List of hosts or networks.
          helpLink: suricata.html
        TELNET_SERVERS:
          description: List of hosts or networks.
          helpLink: suricata.html
        AIM_SERVERS:
          description: List of hosts or networks.
          helpLink: suricata.html
        DC_SERVERS:
          description: List of hosts or networks.
          helpLink: suricata.html
        DNP3_SERVER:
          description: List of hosts or networks.
          helpLink: suricata.html
        DNP3_CLIENT:
          description: List of hosts or networks.
          helpLink: suricata.html
        MODBUS_CLIENT:
          description: List of hosts or networks.
          helpLink: suricata.html
        MODBUS_SERVER:
          description: List of hosts or networks.
          helpLink: suricata.html
        ENIP_CLIENT:
          description: List of hosts or networks.
          helpLink: suricata.html
        ENIP_SERVER:
          description: List of hosts or networks.
          helpLink: suricata.html
      port-groups:
        HTTP_PORTS:
          description: List of ports to look for HTTP traffic on.
          helpLink: suricata.html
        SHELLCODE_PORTS:
          description: List of ports to look for SHELLCODE traffic on.
          helpLink: suricata.html
        ORACLE_PORTS:
          description: List of ports to look for ORACLE traffic on.
          helpLink: suricata.html
        SSH_PORTS:
          description: List of ports to look for SSH traffic on.
          helpLink: suricata.html
        DNP3_PORTS:
          description: List of ports to look for DNP3 traffic on.
          helpLink: suricata.html
        MODBUS_PORTS:
          description: List of ports to look for MODBUS traffic on.
          helpLink: suricata.html
        FILE_DATA_PORTS:
          description: List of ports to look for FILE_DATA traffic on.
          helpLink: suricata.html
        FTP_PORTS:
          description: List of ports to look for FTP traffic on.
          helpLink: suricata.html
        VXLAN_PORTS:
          description: List of ports to look for VXLAN traffic on.
          helpLink: suricata.html
        TEREDO_PORTS:
          description: List of ports to look for TEREDO traffic on.
          helpLink: suricata.html
    outputs:
      eve-log:
        xff:
          enabled:
            description: Enable X-Forwarded-For support.
            helpLink: suricata.html
          mode:
            description: Operation mode. This should always be extra-data if you use PCAP.
            helpLink: suricata.html
          deployment:
            description: forward would use the first IP address and reverse would use the last.
            helpLink: suricata.html
          header:
            description: Header name where the actual IP address will be reported.
            helpLink: suricata.html
    asn1-max-frames:
      description: Maximum number of asn1 frames to decode.
      helpLink: suricata.html
    max-pending-packets:
      description: Number of packets preallocated per thread.
      helpLink: suricata.html
    default-packet-size:
      description: Preallocated size for each packet.
      helpLink: suricata.html
    pcre:
      match-limit:
        description: Match limit for PCRE.
        helpLink: suricata.html
      match-limit-recursion:
        description: Recursion limit for PCRE.
        helpLink: suricata.html
    defrag:
      memcap:
        description: Max memory to use for defrag. You should only change this if you know what you are doing.
        helpLink: suricata.html
      hash-size:
        description: Hash size
        helpLink: suricata.html
      trackers:
        description: Number of defragmented flows to follow.
        helpLink: suricata.html
      max-frags:
        description: Max number of fragments to keep
        helpLink: suricata.html
      prealloc:
        description: Preallocate memory.
        helpLink: suricata.html
      timeout:
        description: Timeout value.
        helpLink: suricata.html
    flow:
      memcap:
        description: Reserved memory for flows.
        helpLink: suricata.html
      hash-size:
        description: Determines the size of the hash used to identify flows inside the engine.
        helpLink: suricata.html
      prealloc:
        description: Number of preallocated flows.
        helpLink: suricata.html
    stream:
      memcap:
        description: Can be specified in kb,mb,gb.
        helpLink: suricata.html
      checksum-validation:
        description: Validate checksum of packets.
        helpLink: suricata.html
      reassembly:
        memcap:
          description: Can be specified in kb,mb,gb.
          helpLink: suricata.html
    host:
      hash-size:
        description: Hash size in bytes.
        helpLink: suricata.html
      prealloc:
        description: How many streams to preallocate.
        helpLink: suricata.html
      memcap:
        description: Memory settings for host.
        helpLink: suricata.html
    decoder:
      teredo:
        enabled:
          description: Enable TEREDO capabilities
          helpLink: suricata.html
        ports:
          description: Ports to listen for. This should be a variable.
          helpLink: suricata.html
      vxlan:
        enabled:
          description: Enable VXLAN capabilities.
          helpLink: suricata.html
        ports:
          description: Ports to listen for. This should be a variable.
          helpLink: suricata.html