
Alert suppression and threshold.conf

Peter Manev edited this page Aug 9, 2016 · 1 revision

The /etc/suricata/rules/threshold.conf file contains all the alert suppression and thresholding configuration for Suricata, whether it was written by hand or generated through Scirius.

During a Suricata package upgrade, the end user might be asked whether the threshold.conf file should be overwritten with the package maintainer's version (which is an empty threshold.conf) or whether the current threshold.conf should be kept.

If you have set up alert suppression and thresholding rules in Scirius, it is advisable to keep the current threshold.conf (i.e. do not choose to install the package maintainer's empty version).

If by mistake you have chosen to install the package maintainer's version, no worries: just build, update and push the ruleset again from Scirius (Suricata -> click Ruleset actions in the left-hand side panel -> select Update, Build, Push -> click Apply).
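Before answering the upgrade prompt it helps to know whether the installed threshold.conf actually holds Scirius-generated rules. The script below is an added example, not part of this wiki page or of Scirius: it counts the active suppress/threshold entries in a threshold.conf and reports whether the file is worth keeping. The rule lines in the constructed sample (sids, IP) are placeholders, not values from this page.

```shell
#!/bin/sh
# Added example (not from the Scirius wiki): inspect a threshold.conf before the
# package upgrade prompt so you can tell the maintainer's empty file from one
# that holds Scirius-generated suppression/thresholding rules.

# Path from the wiki page; override with THRESHOLD_CONF=... when testing.
THRESHOLD_CONF="${THRESHOLD_CONF:-/etc/suricata/rules/threshold.conf}"

# Constructed sample resembling what Scirius pushes (sids and IP are placeholders).
SAMPLE_RULES='# threshold.conf generated by Scirius (constructed sample)
suppress gen_id 1, sig_id 2000001, track by_src, ip 192.0.2.10
threshold gen_id 1, sig_id 2000002, type limit, track by_dst, count 1, seconds 60
'

write_sample() { printf '%s' "$SAMPLE_RULES" > "$1"; }

# Number of non-comment lines starting with "suppress" or "threshold".
# Prints 0 for a missing file or for the maintainer's empty threshold.conf
# (grep -c still prints 0 when nothing matches; "|| true" keeps set -e happy).
count_threshold_rules() {
    file="$1"
    [ -r "$file" ] || { echo 0; return; }
    grep -Ec '^[[:space:]]*(suppress|threshold)[[:space:]]' "$file" || true
}

# "keep": answer "keep the current version" at the upgrade prompt.
# "empty": nothing to lose; either choice gives an empty file.
upgrade_advice() {
    if [ "$(count_threshold_rules "$1")" -gt 0 ]; then echo keep; else echo empty; fi
}

main() {
    tmp=$(mktemp)
    write_sample "$tmp"
    echo "$tmp: $(count_threshold_rules "$tmp") rule(s) -> $(upgrade_advice "$tmp")"
    rm -f "$tmp"
    echo "$THRESHOLD_CONF: $(count_threshold_rules "$THRESHOLD_CONF") rule(s) -> $(upgrade_advice "$THRESHOLD_CONF")"
}

main
```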
