Project

General

Profile

Actions
Copy link

Feature #7120

closed
VJ VJ

threshold: add backoff type

Feature #7120: threshold: add backoff type

Added by Victor Julien almost 2 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:

Description

Implement new `type backoff` for thresholding. This allows alerts to be limited. This is meant to control output of potentially extremely verbose rules like stream rules, decoder events, etc.

A count of 1 with a multiplier of 10 would generate alerts for matching packets: 1, 10, 100, 1000, 10000, 100000, etc.
A count of 1 with a multiplier of 2would generate alerts for matching packets: 1, 2, 4, 8, 16, 32, etc.

Like with other thresholds, rule actions like drop and setting of flowbits will still be performed for each matching packet.

Related issues 1 (0 open1 closed)

Blocked by Suricata - Feature #6822: threshold: support tracking by flowClosedVictor JulienActions

VJ Updated by Victor Julien almost 2 years ago Actions
Copy link
 #1

  • Blocked by Feature #6822: threshold: support tracking by flow added

VJ Updated by Victor Julien almost 2 years ago Actions
Copy link
 #2

  • Status changed from In Progress to In Review

VJ Updated by Victor Julien almost 2 years ago Actions
Copy link
 #3

  • Status changed from In Review to Closed
Actions
Copy link

Also available in: PDF Atom