I've been using and playing with Sensei and bought a home license; however, I've noticed that this service doesn't incorporate Squid Proxy very well. When running the proxy, I can see traffic from my endpoints going straight to the proxy port on the box, classified as "Web Browsing". It would be ideal if I could set my capture from the source interface of the proxy IP and Dest being the internet.
Perhaps running both services on the same box just doesn't work, but I thought I would post and see if anyone else has a workaround or a solution.
You cannot run both on the same interface by design.
Running Zenarmor along with Suricata
https://www.sunnyvalley.io/docs/troubleshooting/installation
To be clear.
I run both Suricata and ZenArmor on the same device / different use cases but you cannot have both services on the same interface.
So Web Proxy "Squid" and "Suricata" are two separate things. I can run Squid and Zenarmor on the same interface, but the way the inspection works isn't really working out for me since Zen is mainly just Web filtering.