I need some help with the initial setup of Suricata 6.0.4 on OPNsense 21.7.6.
Quote from: pankaj on September 11, 2021, 07:54:25 PM
For those wanting to get started with IDS/IPS, this is an excellent tutorial - https://www.youtube.com/watch?v=_yIq3GM4gjA&t=6s
Is the YouTube tutorial from last year now outdated? I tried:
Interfaces > Settings > Network Interfaces
hardware acceleration x3 turned off
Services > Intrusion Detection > Administration > Settings
enabled
IPS mode off so IDS will alert only
Interfaces > LAN only because Firewall > NAT > Outbound is Automatic
Administration > Download
enabled and downloaded/updated the test ruleset OPNsense-App-detect/test
Administration > Rules
7999999 alert opnsense.test.rules bad-unknown OPNsense test eicar virus
Administration > Schedule
enabled default daily update
2021-12-02T19:50:48 suricata[27873] [100250] <Notice> -- all 1 packet processing threads, 4 management threads initialized, engine started.
2021-12-02T19:50:48 suricata[26200] [100160] <Notice> -- This is Suricata version 6.0.4 RELEASE running in SYSTEM mode
$ curl http://pkg.opnsense.org/test/eicar.com.txt
But no luck getting the client download of eicar.com.txt to trigger an alert.
Administration > Alerts
No results found!
So I tried adding a policy, but still no luck:
Services > Intrusion Detection > Policy
enabled
priority: 0
rulesets: opnsense.test.rules
action: alert
rules classtype: nothing selected
new action: alert
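Added example (not from this thread, OPNsense or Suricata): a small Python check for the two things worth verifying before blaming the setup, whether the sid 7999999 rule is actually present and enabled (not commented out) in the loaded rules text, and whether any EVE JSON alert records carry that sid. The rule lines, EVE lines and addresses below are constructed samples; on a real box you would read the rules file and eve.json instead.

```python
import json
import re

# Constructed sample rules file (not the real OPNsense file): the enabled test
# rule from the post plus a commented-out one, so "present but disabled" shows.
SAMPLE_RULES = """\
# opnsense.test.rules (constructed sample)
alert http any any -> any any (msg:"OPNsense test eicar virus"; classtype:bad-unknown; sid:7999999; rev:1;)
# alert http any any -> any any (msg:"OPNsense test disabled"; classtype:bad-unknown; sid:7999998; rev:1;)
"""

# Constructed EVE JSON lines (Suricata's eve.json format): one flow record and
# one alert for sid 7999999. Addresses are documentation/private ranges.
SAMPLE_EVE = """\
{"timestamp":"2021-12-02T19:52:01.000000+0000","event_type":"flow","src_ip":"192.168.1.10","dest_ip":"203.0.113.5"}
{"timestamp":"2021-12-02T19:52:02.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"192.168.1.10","alert":{"action":"allowed","signature_id":7999999,"rev":1,"signature":"OPNsense test eicar virus","category":"Potentially Bad Traffic"}}
"""

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
# Leading '#' (with optional spaces) marks a rule that is present but disabled.
ACTION_RE = re.compile(r"^\s*(#\s*)?(alert|drop|pass|reject)\s")

def rule_status(rules_text, sid):
    """Return (present, enabled, action) for one sid in Suricata rule text."""
    for line in rules_text.splitlines():
        m = SID_RE.search(line)
        if not m or int(m.group(1)) != sid:
            continue
        a = ACTION_RE.match(line)
        if a:
            return True, a.group(1) is None, a.group(2)
    return False, False, None

def alerts_for_sid(eve_text, sid):
    """Collect (timestamp, action, src, dst) for EVE alert events with this sid."""
    hits = []
    for line in eve_text.splitlines():
        try:
            ev = json.loads(line)
        except ValueError:
            continue  # skip truncated or non-JSON lines
        if ev.get("event_type") == "alert" and ev.get("alert", {}).get("signature_id") == sid:
            hits.append((ev["timestamp"], ev["alert"]["action"], ev["src_ip"], ev["dest_ip"]))
    return hits

if __name__ == "__main__":
    present, enabled, action = rule_status(SAMPLE_RULES, 7999999)
    print(f"sid 7999999: present={present} enabled={enabled} action={action}")
    for hit in alerts_for_sid(SAMPLE_EVE, 7999999):
        print("alert:", *hit)
```

If `rule_status` reports the sid as absent or disabled, the GUI's enabled toggle has not reached the rules Suricata loaded; if it is enabled but `alerts_for_sid` finds nothing, the traffic is not reaching the inspected interface or the rule does not match it.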
I've seen this video. The only thing I see is two dudes talking about IDS, but no tutorial whatsoever.
I hope someone will pop up with a tutorial.