Hello, and my apologies if the question is too silly.
We are seeing alerts with alert.severity = 1 and signature_severity = Informational
How is suricata.eve.alert.severity related (if it is) to the rule's metadata signature_severity?
We are planning to develop a NIDS based on Suricata, and in order to avoid having a very noisy environment at the beginning we want to start with rules detecting high-severity events.
Does anybody have a recommendation on where to start?
Thank you very much in advance
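An added example, not part of the post above: a small Python filter over eve.json alert records that keeps only alerts from rules whose metadata signature_severity is Major or Critical, and tallies how alert.severity (the integer priority set by the rule's classtype or priority keyword) pairs with the metadata value. The sample lines are constructed, and the code assumes the eve-log alert output has `metadata: yes` enabled so the rule's metadata keyword appears under alert.metadata as key -> list of strings.

```python
import json
from typing import Dict, Iterable, Iterator, Optional, Tuple

# Constructed sample eve.json lines (not real traffic). Layout follows Suricata's
# alert records: "severity" is the classtype/priority integer, "metadata" holds
# the rule's metadata keyword as key -> list of strings (only when enabled).
SAMPLE_EVE_LINES = [
    json.dumps({"event_type": "alert", "src_ip": "10.0.0.5", "dest_ip": "10.0.0.9",
                "alert": {"signature_id": 1000001, "signature": "CONSTRUCTED Major example",
                          "severity": 1, "metadata": {"signature_severity": ["Major"]}}}),
    json.dumps({"event_type": "alert", "src_ip": "10.0.0.6", "dest_ip": "10.0.0.9",
                "alert": {"signature_id": 1000002, "signature": "CONSTRUCTED Informational example",
                          "severity": 1, "metadata": {"signature_severity": ["Informational"]}}}),
    json.dumps({"event_type": "alert", "src_ip": "10.0.0.7", "dest_ip": "10.0.0.9",
                "alert": {"signature_id": 1000003, "signature": "CONSTRUCTED rule without metadata",
                          "severity": 3}}),
    json.dumps({"event_type": "flow", "src_ip": "10.0.0.8", "dest_ip": "10.0.0.9"}),
]

HIGH = {"Critical", "Major"}  # metadata values to act on first during the quiet rollout

def signature_severity(alert: dict) -> Optional[str]:
    """Return the rule's metadata signature_severity, or None if the rule carries none."""
    values = alert.get("metadata", {}).get("signature_severity", [])
    return values[0] if values else None

def _alerts(lines: Iterable[str]) -> Iterator[dict]:
    """Yield parsed alert events, skipping non-alert events and truncated lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # a partially written line from a live log; ignore it
        if event.get("event_type") == "alert":
            yield event

def high_severity_alerts(lines: Iterable[str], keep=HIGH) -> Iterator[Tuple[int, int, str]]:
    """Yield (sid, alert.severity, signature_severity) for alerts in the high-severity set."""
    for event in _alerts(lines):
        alert = event["alert"]
        sev = signature_severity(alert)
        if sev in keep:
            yield alert["signature_id"], alert["severity"], sev

def severity_matrix(lines: Iterable[str]) -> Dict[Tuple[int, Optional[str]], int]:
    """Count alerts per (alert.severity, signature_severity) pair to see how the two fields line up."""
    counts: Dict[Tuple[int, Optional[str]], int] = {}
    for event in _alerts(lines):
        key = (event["alert"]["severity"], signature_severity(event["alert"]))
        counts[key] = counts.get(key, 0) + 1
    return counts
```

Running `severity_matrix` over a real eve.json shows directly whether severity 1 alerts are also tagged Informational, which is the pairing the question observed.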