Add Snort configuration customization guidance to DPI topic

calico-cloud/threat/deeppacketinspection.mdx

@@ -121,6 +121,13 @@
 * you use a paid subscription to a Snort ruleset
 * you have written your own Snort rules.
 
+Beyond custom rules, if you have a paid Snort subscription, you can also customize Snort configuration to fine-tune how DPI generates alerts. For example, you can:
+* **Limit alert rates** to reduce the volume of alerts generated for noisy rules
+* **Suppress alerts** for specific rules or traffic sources that are known to be benign
+* **Apply rate filters** to dynamically change alert behavior based on traffic patterns
+
+These customizations are managed through the Snort configuration file (`snort.lua`) and are mounted into the DPI container using the same initContainers mechanism described below. For details on configuring filters, suppressions, and rate limits, see the [Snort3 documentation](https://docs.snort.org/).
+
 :::important
 If you install custom Snort rules, $[prodname] will stop updating the community rules with each minor release.
 You will be responsible for making sure your rules are up to date.

calico-cloud_versioned_docs/version-22-2/threat/deeppacketinspection.mdx

@@ -121,6 +121,13 @@
 * you use a paid subscription to a Snort ruleset
 * you have written your own Snort rules.
 
+Beyond custom rules, if you have a paid Snort subscription, you can also customize Snort configuration to fine-tune how DPI generates alerts. For example, you can:
+* **Limit alert rates** to reduce the volume of alerts generated for noisy rules
+* **Suppress alerts** for specific rules or traffic sources that are known to be benign
+* **Apply rate filters** to dynamically change alert behavior based on traffic patterns
+
+These customizations are managed through the Snort configuration file (`snort.lua`) and are mounted into the DPI container using the same initContainers mechanism described below. For details on configuring filters, suppressions, and rate limits, see the [Snort3 documentation](https://docs.snort.org/).
+
 :::important
 If you install custom Snort rules, $[prodname] will stop updating the community rules with each minor release.
 You will be responsible for making sure your rules are up to date.

calico-enterprise/threat/deeppacketinspection.mdx

@@ -121,6 +121,13 @@
 * you use a paid subscription to a Snort ruleset
 * you have written your own Snort rules.
 
+Beyond custom rules, if you have a paid Snort subscription, you can also customize Snort configuration to fine-tune how DPI generates alerts. For example, you can:
+* **Limit alert rates** to reduce the volume of alerts generated for noisy rules
+* **Suppress alerts** for specific rules or traffic sources that are known to be benign
+* **Apply rate filters** to dynamically change alert behavior based on traffic patterns
+
+These customizations are managed through the Snort configuration file (`snort.lua`) and are mounted into the DPI container using the same initContainers mechanism described below. For details on configuring filters, suppressions, and rate limits, see the [Snort3 documentation](https://docs.snort.org/).
+
 :::important
 If you install custom Snort rules, $[prodname] will stop updating the community rules with each minor release.
 You will be responsible for making sure your rules are up to date.

calico-enterprise_versioned_docs/version-3.20-2/threat/deeppacketinspection.mdx

@@ -121,6 +121,13 @@
 * you use a paid subscription to a Snort ruleset
 * you have written your own Snort rules.
 
+Beyond custom rules, if you have a paid Snort subscription, you can also customize Snort configuration to fine-tune how DPI generates alerts. For example, you can:
+* **Limit alert rates** to reduce the volume of alerts generated for noisy rules
+* **Suppress alerts** for specific rules or traffic sources that are known to be benign
+* **Apply rate filters** to dynamically change alert behavior based on traffic patterns
+
+These customizations are managed through the Snort configuration file (`snort.lua`) and are mounted into the DPI container using the same initContainers mechanism described below. For details on configuring filters, suppressions, and rate limits, see the [Snort3 documentation](https://docs.snort.org/).
+
 :::important
 If you install custom Snort rules, $[prodname] will stop updating the community rules with each minor release.
 You will be responsible for making sure your rules are up to date.

calico-enterprise_versioned_docs/version-3.21-2/threat/deeppacketinspection.mdx

@@ -121,6 +121,13 @@
 * you use a paid subscription to a Snort ruleset
 * you have written your own Snort rules.
 
+Beyond custom rules, if you have a paid Snort subscription, you can also customize Snort configuration to fine-tune how DPI generates alerts. For example, you can:
+* **Limit alert rates** to reduce the volume of alerts generated for noisy rules
+* **Suppress alerts** for specific rules or traffic sources that are known to be benign
+* **Apply rate filters** to dynamically change alert behavior based on traffic patterns
+
+These customizations are managed through the Snort configuration file (`snort.lua`) and are mounted into the DPI container using the same initContainers mechanism described below. For details on configuring filters, suppressions, and rate limits, see the [Snort3 documentation](https://docs.snort.org/).
+
 :::important
 If you install custom Snort rules, $[prodname] will stop updating the community rules with each minor release.
 You will be responsible for making sure your rules are up to date.

calico-enterprise_versioned_docs/version-3.22-2/threat/deeppacketinspection.mdx

@@ -121,6 +121,13 @@ You may want to install your own rules if:
 * you use a paid subscription to a Snort ruleset
 * you have written your own Snort rules.
 
+Beyond custom rules, if you have a paid Snort subscription, you can also customize Snort configuration to fine-tune how DPI generates alerts. For example, you can:
+* **Limit alert rates** to reduce the volume of alerts generated for noisy rules
+* **Suppress alerts** for specific rules or traffic sources that are known to be benign
+* **Apply rate filters** to dynamically change alert behavior based on traffic patterns
+
+These customizations are managed through the Snort configuration file (`snort.lua`) and are mounted into the DPI container using the same initContainers mechanism described below. For details on configuring filters, suppressions, and rate limits, see the [Snort3 documentation](https://docs.snort.org/).
+
 :::important
 If you install custom Snort rules, $[prodname] will stop updating the community rules with each minor release.
 You will be responsible for making sure your rules are up to date.

calico-enterprise_versioned_docs/version-3.23-1/threat/deeppacketinspection.mdx

@@ -121,6 +121,13 @@ You may want to install your own rules if:
 * you use a paid subscription to a Snort ruleset
 * you have written your own Snort rules.
 
+Beyond custom rules, if you have a paid Snort subscription, you can also customize Snort configuration to fine-tune how DPI generates alerts. For example, you can:
+* **Limit alert rates** to reduce the volume of alerts generated for noisy rules
+* **Suppress alerts** for specific rules or traffic sources that are known to be benign
+* **Apply rate filters** to dynamically change alert behavior based on traffic patterns
+
+These customizations are managed through the Snort configuration file (`snort.lua`) and are mounted into the DPI container using the same initContainers mechanism described below. For details on configuring filters, suppressions, and rate limits, see the [Snort3 documentation](https://docs.snort.org/).
+
 :::important
 If you install custom Snort rules, $[prodname] will stop updating the community rules with each minor release.
 You will be responsible for making sure your rules are up to date.