mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
45 lines
927 B
Plaintext
45 lines
927 B
Plaintext
thresholding:
|
|
sids:
|
|
8675309:
|
|
- threshold:
|
|
gen_id: 1
|
|
type: threshold
|
|
track: by_src
|
|
count: 10
|
|
seconds: 10
|
|
- threshold:
|
|
gen_id: 1
|
|
type: limit
|
|
track: by_dst
|
|
count: 100
|
|
seconds: 30
|
|
- rate_filter:
|
|
gen_id: 1
|
|
track: by_rule
|
|
count: 50
|
|
seconds: 30
|
|
new_action: alert
|
|
timeout: 30
|
|
- suppress:
|
|
gen_id: 1
|
|
track: by_either
|
|
ip: 10.10.3.7
|
|
11223344:
|
|
- threshold:
|
|
gen_id: 1
|
|
type: limit
|
|
track: by_dst
|
|
count: 10
|
|
seconds: 10
|
|
- rate_filter:
|
|
gen_id: 1
|
|
track: by_src
|
|
count: 50
|
|
seconds: 20
|
|
new_action: pass
|
|
timeout: 60
|
|
- suppress:
|
|
gen_id: 1
|
|
track: by_src
|
|
ip: 10.10.3.0/24
|