24.1 Legacy Series / Suricata IPS Block Bad Actors - Add to Firewall Alias Group
« on: May 19, 2024, 09:19:17 pm »
Hi.
Long-time listener, first-time caller.
Is it possible to add some automation in to add a bad actor source IP from Suricata /var/log/suricata/eve.json and to add the offending IP into a Firewall alias group?
Perhaps using Monit, Shell Script, Cron, Fail2Ban or some API call?
I think this would be an invaluable feature, and would save me from manually logging to reduce/secure the attack surface.
Many thanks.
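An added example, not part of the original post: a sketch of the log-reading half of this idea, assuming Suricata's standard EVE JSON fields (`event_type`, `src_ip`, `alert.severity`, where severity 1 is the highest). The function name, thresholds and never-block list are hypothetical, the sample records are constructed, and loading the result into the alias group is left out.

```python
import ipaddress
import json
from collections import Counter

# Never-block list (assumption: typical LAN/loopback ranges; add your own admin IPs).
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "::1/128", "fe80::/10")]

# Constructed sample EVE records using documentation-range addresses.
SAMPLE_EVE = """\
{"event_type":"alert","src_ip":"203.0.113.7","alert":{"severity":1,"signature":"constructed A"}}
{"event_type":"alert","src_ip":"203.0.113.7","alert":{"severity":2,"signature":"constructed B"}}
{"event_type":"flow","src_ip":"203.0.113.7"}
{"event_type":"alert","src_ip":"198.51.100.23","alert":{"severity":3,"signature":"constructed C"}}
{"event_type":"alert","src_ip":"198.51.100.23","alert":{"severity":3,"signature":"constructed C"}}
{"event_type":"alert","src_ip":"192.168.1.50","alert":{"severity":1,"signature":"constructed A"}}
{"event_type":"alert","src_ip":"192.168.1.50","alert":{"severity":1,"signature":"constructed A"}}
{"event_type":"alert","src_ip":"192.0.2.99","alert":{"severity":1,"signature":"constructed A"}}
{"event_type":"alert","src_ip":"192.0.2.
"""

def offending_ips(lines, max_severity=2, min_alerts=2):
    """Return sorted source IPs with >= min_alerts alerts at severity <= max_severity."""
    hits = Counter()
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or half-written line (e.g. log still being appended)
        if not isinstance(ev, dict) or ev.get("event_type") != "alert":
            continue
        alert = ev.get("alert")
        sev = alert.get("severity") if isinstance(alert, dict) else None
        if not isinstance(sev, int) or sev > max_severity:
            continue  # low-priority or malformed alert: too noisy to block on
        try:
            ip = ipaddress.ip_address(str(ev.get("src_ip")))
        except ValueError:
            continue
        if any(ip in net for net in PROTECTED):
            continue  # never block internal hosts, even if they trigger rules
        hits[str(ip)] += 1
    return sorted(ip for ip, n in hits.items() if n >= min_alerts)

if __name__ == "__main__":
    print("\n".join(offending_ips(SAMPLE_EVE.splitlines())))
```

The severity and repeat-count thresholds are there because a single low-priority alert is a weak basis for a block, and the never-block list guards against locking out your own network on a false positive.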

