IDS Rulesets Per Interface/VLANS

Started by PeeWeeHerman, April 29, 2021, 12:26:46 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 29, 2021, 12:26:46 PM
Hi,

Is it possible to enable different rulesets/rules to different interfaces and specifically VLANS.

Some Examples:

Work VLAN: Company is using zscaler, etc for networking and IDS is going crazy trying to analyse that traffic. I want to disable some rules.

Personal VLAN: I want a few more rules enabled but nothing crazy.

Kids VLAN: This is for computer literate and inquisitive teenagers. I want everything enabled including the kitchen sink.

Thanks
April 30, 2021, 05:07:13 AM #1 Last Edit: April 30, 2021, 06:27:32 AM by errored out
This is not possible as suricata operates with netmap framework.  Meaning, prior to when VLAN's are processed.
Print
Go Up Pages1
User actions