Messages - maureenhackney

#1
Does anyone have experience with using Suricata as an IPS? I'm on Debian and I'd like to be able to manually block and unblock specific IP addresses (iptables). I've not used Suricata as I am currently running Snort as an IDS and guardian as my IPS. I've done a bit of research into Suricata and, as far as I can tell, one can manually add rules to Suricata's rule file which will block a given IP address. When Suricata is running as a daemon, do the block rules get wiped when you restart the daemon like they do with guardian? Thanks in advance for any tips.