How to limit the number of alerts in the fast.log
Could you please tell me how it is possible to set up Suricata so that only one alert per pcap file gets into the fast.log, even if the rule worked on it several times? The goal is to apply this setting to all rules at the same time.
Updated by Andreas Herz 3 days ago
- Status changed from New to Assigned
- Assignee set to Community Ticket
- Target version set to Support