hey,
yeah this option isn’t bad, but we type of problem we are currently dealing with has millions of unique IPs, so we really need to block on the overall total rather than for a single IP. As usually, IPs are unique in the current attack we are facing. Hence we’re looking into using suricata outside of AWS firewall on a dedicated machine!