Add Snort configuration customization guidance to DPI topic #2537
ctauchen wants to merge 1 commit into tigera:main
✅ Deploy Preview for calico-docs-preview-next ready!
6fb7a0e to bb57493
Pull request overview
Adds guidance to Deep Packet Inspection documentation about customizing Snort configuration (rate limiting, suppression, rate filters) alongside existing “Install custom Snort rules” instructions, and also updates Calico OSS v3.31 documentation metadata to reference the new v3.31.5 release.
Changes:
- Add Snort configuration customization guidance and a link to Snort3 docs in CE/CC DPI topics (unversioned + all existing versioned dirs).
- Bump Calico OSS v3.31 docs release metadata from v3.31.3 to v3.31.5 and add a new v3.31.5 entry to releases.json.
- Add a new v3.31.5 release-notes section.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| calico_versioned_docs/version-3.31/variables.js | Updates v3.31 docs variables to point at v3.31.5 (releaseTitle/manifestsUrl). |
| calico_versioned_docs/version-3.31/releases.json | Adds v3.31.5 release/component image versions (newest entry at top). |
| calico_versioned_docs/version-3.31/release-notes/index.mdx | Adds v3.31.5 release-notes section (currently with placeholders). |
| calico-enterprise/threat/deeppacketinspection.mdx | Adds Snort configuration customization guidance to DPI “Install custom Snort rules”. |
| calico-enterprise_versioned_docs/version-3.23-1/threat/deeppacketinspection.mdx | Same Snort customization guidance for CE v3.23-1 docs. |
| calico-enterprise_versioned_docs/version-3.22-2/threat/deeppacketinspection.mdx | Same Snort customization guidance for CE v3.22-2 docs. |
| calico-enterprise_versioned_docs/version-3.21-2/threat/deeppacketinspection.mdx | Same Snort customization guidance for CE v3.21-2 docs. |
| calico-enterprise_versioned_docs/version-3.20-2/threat/deeppacketinspection.mdx | Same Snort customization guidance for CE v3.20-2 docs. |
| calico-cloud/threat/deeppacketinspection.mdx | Adds Snort configuration customization guidance to DPI topic for Cloud docs. |
| calico-cloud_versioned_docs/version-22-2/threat/deeppacketinspection.mdx | Same Snort customization guidance for Cloud v22-2 docs. |
| * **Suppress alerts** for specific rules or traffic sources that are known to be benign | ||
| * **Apply rate filters** to dynamically change alert behavior based on traffic patterns | ||
|
|
||
| These customizations are managed through the Snort configuration file (`snort.lua`) and are mounted into the DPI container using the same initContainers mechanism described below. For details on configuring filters, suppressions, and rate limits, see the [Snort3 documentation](https://docs.snort.org/). |
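Review bot: The suppression bullet ("traffic sources that are known to be benign") should tell readers to scope each suppression to a specific rule and source together, since a suppression keyed on a source alone hides every alert from that source, including real detections. The bullets and the closing paragraph also use different terms ("rate filters" in the bullet, "filters, suppressions, and rate limits" in the paragraph); use one set of terms throughout, and point the Snort3 link at the pages that cover these settings rather than at the docs.snort.org root.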
This paragraph says Snort configuration customizations are "mounted" via the same initContainers mechanism shown below, but the steps below only demonstrate copying rule files into /usr/etc/snort/rules/. Consider clarifying the wording (mount vs copy) and add a brief note/example of how to provide snort.lua (including the target path) using that mechanism.
Call out common use cases (alert rate limiting, suppression, rate filters) in the custom Snort rules section and direct users to Snort3 docs for configuration details. DOCS-2857
bb57493 to e20e207

Summary
Test plan
https://deploy-preview-2537--tigera.netlify.app/calico-enterprise/latest/threat/deeppacketinspection#install-custom-snort-rules
DOCS-2857