secubox-openwrt/package/secubox/secubox-network-anomaly/files/etc/config/network-anomaly

config anomaly 'main'
	option enabled '1'
	option interval '60'
	option localai_url 'http://127.0.0.1:8091'
	option localai_model 'tinyllama-1.1b-chat-v1.0.Q4_K_M'
	option auto_block '0'
	option min_confidence '75'
	option baseline_hours '24'

config thresholds 'thresholds'
	option bandwidth_spike_percent '200'
	option new_connections_per_min '50'
	option unique_ports_per_host '20'
	option dns_queries_per_min '100'
	option failed_connections_percent '30'

config detection 'detection'
	option bandwidth_anomaly '1'
	option connection_flood '1'
	option port_scan '1'
	option dns_anomaly '1'
	option protocol_anomaly '1'
	option geo_anomaly '1'

config alerting 'alerting'
	option crowdsec_integration '1'
	option log_alerts '1'
	option mesh_broadcast '0'