Hello Suricata Community,
I am currently using Suricata to monitor traffic from a 10GB TAP. I tested it with the default rules, and within just 30 minutes, the eve.json file grew to 5GB, generating 3 million hits in Wazuh. This caused a significant delay in the Wazuh dashboard, making it difficult to detect current alerts in real time.
What tweaks can I apply to optimize performance? Also, are there specific rules that I should disable to filter out less important alerts?
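As an added example (not part of the original post, and not Suricata's or Wazuh's own tooling), the script below tallies which signatures dominate an eve.json file and drafts `threshold.config` entries that rate-limit the noisiest ones per source IP instead of disabling them. The eve.json lines, SIDs and signature names are constructed placeholders; the `threshold gen_id ..., type limit, track by_src` syntax is Suricata's.

```python
import json
from collections import Counter

# Constructed eve.json lines (one JSON object per line); SIDs and signature
# names are placeholders, not real rules. The last line is a truncated record
# of the kind left behind when a log is rotated mid-write.
SAMPLE_EVE = """\
{"event_type":"alert","src_ip":"10.0.0.5","alert":{"signature_id":9000001,"signature":"CONSTRUCTED stream anomaly","severity":3}}
{"event_type":"alert","src_ip":"10.0.0.5","alert":{"signature_id":9000001,"signature":"CONSTRUCTED stream anomaly","severity":3}}
{"event_type":"flow","src_ip":"10.0.0.7"}
{"event_type":"alert","src_ip":"10.0.0.9","alert":{"signature_id":9000001,"signature":"CONSTRUCTED stream anomaly","severity":3}}
{"event_type":"alert","src_ip":"10.0.0.5","alert":{"signature_id":9000002,"signature":"CONSTRUCTED policy violation","severity":1}}
{"event_type":"alert","src_ip":"10.0.0.5","al
"""


def count_alerts(lines):
    """Tally event types and alert signatures; skip unparseable lines."""
    by_sig, by_type, skipped = Counter(), Counter(), 0
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            skipped += 1  # truncated or corrupt record, count it rather than crash
            continue
        etype = ev.get("event_type", "unknown")
        by_type[etype] += 1
        if etype == "alert":
            a = ev.get("alert", {})
            by_sig[(a.get("signature_id"), a.get("signature"))] += 1
    return by_sig, by_type, skipped


def threshold_lines(by_sig, share=0.5, seconds=60):
    """Build threshold.config entries for signatures producing at least
    `share` of all alerts: keep the rule, but log at most one alert per
    source IP every `seconds` seconds instead of suppressing it outright."""
    total = sum(by_sig.values())
    out = []
    for (sid, name), n in by_sig.most_common():
        if total and n / total >= share:
            out.append(f"# {name}: {n} of {total} alerts")
            out.append(f"threshold gen_id 1, sig_id {sid}, type limit, "
                       f"track by_src, count 1, seconds {seconds}")
    return out


if __name__ == "__main__":
    sigs, types, bad = count_alerts(SAMPLE_EVE.splitlines())
    print(dict(types), "skipped:", bad)
    print("\n".join(threshold_lines(sigs)))
```

Run it against a real eve.json (`count_alerts(open("eve.json"))`) to see which event types, not just alerts, drive the file size; non-alert event types can be turned off per type in the `eve-log` section of suricata.yaml.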