Hi. I am trying to understand how to limit the number of notifications that I receive from Crowdsec. I want to continue to ban IPs but I only want to receive a notification for clusters of alerts. I am looking at the group_wait and group_threshold settings but I don’t understand how they interact. Is the notification only sent when the group_threshold is exceeded within the group_wait period? For example, more than 10 alerts in 30 seconds. Or are they both independent? Can anyone give me any hints?
Cross-posted from gitter