mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-24 18:03:10 +01:00
44 lines
945 B
YAML
44 lines
945 B
YAML
thresholding:
|
|
sids:
|
|
99999999999999999:
|
|
- threshold:
|
|
gen_id: 1
|
|
type: threshold
|
|
track: by_src
|
|
count: 10
|
|
seconds: 10
|
|
- threshold:
|
|
gen_id: 1
|
|
type: limit
|
|
track: by_dst
|
|
count: 100
|
|
seconds: 30
|
|
- rate_filter:
|
|
gen_id: 1
|
|
track: by_rule
|
|
count: 50
|
|
seconds: 30
|
|
new_action: alert
|
|
timeout: 30
|
|
- suppress:
|
|
gen_id: 1
|
|
track: by_either
|
|
ip: 10.10.3.7
|
|
99999999999999998:
|
|
- threshold:
|
|
gen_id: 1
|
|
type: limit
|
|
track: by_dst
|
|
count: 10
|
|
seconds: 10
|
|
- rate_filter:
|
|
gen_id: 1
|
|
track: by_src
|
|
count: 50
|
|
seconds: 20
|
|
new_action: pass
|
|
timeout: 60
|
|
- suppress:
|
|
gen_id: 1
|
|
track: by_src
|
|
ip: 10.10.3.0/24 |