I have a suppress rule in threshold.config
suppress gen_id 1, sig_id 996
works as expected,
The doc mentions
‘Please note that thresholding can also be set inside a signature.’
Is there any way to have the suppress keyword directly in the signature declaration (a bypass rule with an alert in this case) ?
I could find example and test cases that uses the threshold: keyword, but nothing about suppress.
That would be very convenient if we could do that.