How does Suricata work on a dedicated host?

Started by vibe, Today at 02:23:04 AM

Last Edit: Today at 02:26:49 AM by vibe
I have only ever used Suricata and Snort on a firewall device, but I am intrigued about using it on a dedicated host and removing that processing overhead from the firewall(s). My network has a classic two-firewall and DMZ setup. One firewall is a perimeter firewall with the internet on one side and the DMZ on the other. The second firewall is a firewall/router that has the DMZ on one side and separate internal networks on the other. I would like to locate a dedicated Suricata box in the DMZ as a sensor. I understand how this would work as an IDS with one interface, but I don't know how exactly I could get a dedicated Suricata host to act as an IPS without running two interfaces as a filtering bridge. All of my managed switches are layer 2. Can anyone point me to a how-to for this type of setup? I am interested in using the full scope of Suricata features for packet capture and trend analysis with an ELK stack.

Just note, Suricata is not a firewall at present.