Suricata Starter Guide

Started by baqwas, July 14, 2020, 11:49:45 PM

Hello,

I have Suricata running (I believe) since Systems->Diagnostics->Services has the green play button visible for it.

Under Services->Intrusion Detection->Administration (correct place?) there are a bunch of tabs. How do I go about setting some Rules? Use Rules details? Or should I stick with Firewall NAT for my custom rules and leave Suricata for well known signatures (since I wouldn't have any clue about SSL/Fingerprint if I attempted to enter a record here)?

Sorry for being all over the place with newbie questions. I've just discovered that I need to lock down my small site from probes on a select few well-known ports. Since OPNsense can do it for me, I'm looking for guidance (or pointers to tutorials).

Thanks.

This should be done via Firewall Rules, not IPS.

OK. Will use Rules. Thx again!