Intrusion Detection and Prevention / First Time User
« on: December 28, 2020, 07:33:33 pm »
Hello everyone, I just made the switch from pfSense, in which I liked Suricata a lot. After configuring my network I installed Suricata and went to the Intrusion Detection section to get started, but it's just a world of difference to me between OPNSense and pfSense and the way each has Suricata.
So I was hoping to ask a few questions.
1) Is there a way to suppress alerts like on pf?
2) When adding rulesets in pf it was just select and go. I see here it's like that under Download, but when I go to Rules there are 59 pages of rules with not all selected. I am curious how these are picked to be enabled or not?
3) I also see there are no settings to block an IP for a certain length, is there a way to add that? Is the current config blocked indefinitely?
4) Once an IP is blocked, will there be a Blocked tab at all or does it just show in alerts?
Thanks! I am also open to any tweaking tips too.