___
# Tags
#security-onion #rule-tuning #homelab #cybersecurity #work-in-progress

# Helpful Docs
- [Security Onion docs for thresholding](https://docs.securityonion.net/en/2.3/managing-alerts.html#suppressions)

# Notes
- The thresholding files can be found in this path: `/opt/so/saltstack/default/pillar/thresholding`
- You have to create a `pillar.sls` file using the contents of the provided example files
- Here is my current `pillar.sls` file for thresholding

```txt
thresholding:
  # All SIDs sit under this single "sids:" key; a YAML mapping cannot repeat a key.
  sids:
    2028777:
      - suppress:
          gen_id: 1
          track: by_dst
          ip: 23.219.87.18,23.219.87.27
    2027695:
      - suppress:
          gen_id: 1
          track: by_src
          ip: 192.168.77.20
    2003068:
      - suppress:
          gen_id: 1
          track: by_src
          ip: 192.168.77.20
    2001219:
      - suppress:
          gen_id: 1
          track: by_src
          ip: 192.168.77.20
    2018959:
      - suppress:
          gen_id: 1
          track: by_dst
          ip: 192.168.77.20
```
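
An added example (not part of the original notes or the Security Onion project): a standard-library Python lint for this pillar layout. It flags a repeated mapping key such as a second `sids:` (YAML keys must be unique, and a loader that tolerates the repeat typically keeps only the last block), plus unknown `track` values and unparseable `ip` entries. The function name `lint_pillar`, the sample pillar and the accepted `track` set (as in Suricata's suppress syntax) are assumptions of this example.

```python
import ipaddress
import re

TRACKS = {"by_src", "by_dst", "by_either"}  # Suricata suppress track values
# Constructed sample: the second "sids:" repeats a key, "by_source" is a typo.
SAMPLE = """\
thresholding:
  sids:
    2028777:
      - suppress:
          gen_id: 1
          track: by_dst
          ip: 23.219.87.18,23.219.87.27
  sids:
    2027695:
      - suppress:
          gen_id: 1
          track: by_source
          ip: 192.168.77.20
"""

def lint_pillar(text):
    """Return (line_no, message) for each problem in a thresholding pillar."""
    problems, stack = [], []  # stack holds (indent, keys_seen) per open mapping
    for no, raw in enumerate(text.splitlines(), 1):
        m = re.match(r"^(\s*)(- )?([^:#\s]+):\s*(.*)$", raw.split(" #")[0].rstrip())
        if not m:
            continue  # blank lines and comment lines
        indent = len(m.group(1)) + (2 if m.group(2) else 0)
        key, value = m.group(3), m.group(4)
        # Close deeper mappings; a "- " list item always opens a fresh one.
        while stack and (stack[-1][0] > indent or (m.group(2) and stack[-1][0] == indent)):
            stack.pop()
        if not stack or stack[-1][0] < indent:
            stack.append((indent, set()))
        if key in stack[-1][1]:
            problems.append((no, f"duplicate key '{key}'"))
        stack[-1][1].add(key)
        if key == "track" and value not in TRACKS:
            problems.append((no, f"unknown track '{value}'"))
        for addr in (value.strip("[]").split(",") if key == "ip" else []):
            try:
                if not addr.strip().startswith("$"):  # skip address variables
                    ipaddress.ip_network(addr.strip(), strict=False)
            except ValueError:
                problems.append((no, f"bad address '{addr.strip()}'"))
    return problems
if __name__ == "__main__":
    print("\n".join(f"line {n}: {msg}" for n, msg in lint_pillar(SAMPLE)))
```

The parser only understands the indentation-based `key: value` layout shown in this note, so treat a clean result as a sanity check on that layout rather than full YAML validation.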