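# Template for per-signature alert tuning. Every <...> value is a placeholder
# to replace; a "|" inside the brackets separates the accepted choices.
# Nesting restored from the flattened page rendering (the result matches the
# 21 lines / 581 B the page reports for the file).
#
# NOTE(review): every entry here reduces or changes what analysts see. Scope
# each one as narrowly as possible (one sid, one host or subnet) and record
# why it was added, so a tuning entry does not quietly become a blind spot.
thresholding:
  sids:
    # One key per signature ID; its value is a list of tuning entries.
    <signature id>:
      # threshold: limits how often the signature alerts, counted per tracked
      # address over a window of <seconds>.
      - threshold:
          gen_id: <generator id>
          type: <threshold | limit | both>
          track: <by_src | by_dst>
          count: <count>
          seconds: <seconds>
      # rate_filter: once <count> matches occur within <seconds>, the rule's
      # action becomes new_action for <timeout> seconds.
      # NOTE(review): new_action "pass" stops alerting for the tracked scope
      # during the timeout - confirm that is intended before deploying.
      - rate_filter:
          gen_id: <generator id>
          track: <by_src | by_dst | by_rule | by_both>
          count: <count>
          seconds: <seconds>
          new_action: <alert | pass>
          timeout: <seconds>
      # suppress: drops alerts for this signature when the tracked address
      # matches ip.
      # NOTE(review): prefer a single host or the smallest subnet that covers
      # the known false positive; a wide subnet hides real detections too.
      - suppress:
          gen_id: <generator id>
          track: <by_src | by_dst | by_either>
          ip: <ip | subnet>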