-
Notifications
You must be signed in to change notification settings - Fork 522
Suricata
From https://suricata-ids.org:
Suricata is a free and open source, mature, fast and robust network threat detection engine. Suricata inspects the network traffic using a powerful and extensive rules and signature language, and has powerful Lua scripting support for detection of complex threats.
We compile Suricata with PF_RING to allow you to spin up multiple workers to handle more traffic.
You can configure Suricata via suricata.yaml:
/etc/nsm/HOSTNAME-INTERFACE/suricata.yaml
(where HOSTNAME is your actual hostname and INTERFACE is your actual sniffing interface)
If you need to troubleshoot Suricata, check the log file:
/var/log/nsm/HOSTNAME-INTERFACE/suricata.log
(where HOSTNAME is your actual hostname and INTERFACE is your actual sniffing interface)
For more information about Suricata, please see:
https://suricata-ids.org/
- Introduction
- Use Cases
- Hardware Requirements
- Release Notes
- Download/Install
- Booting Issues
- After Installation
- UTC and Time Zones
- Services
- VirtualBox Walkthrough
- VMWare Walkthrough
- Videos
- Architecture
- Cheat Sheet
- Conference
- Elastic Stack
- Elastic Architecture
- Elasticsearch
- Logstash
- Kibana
- ElastAlert
- Curator
- FreqServer
- DomainStats
- Docker
- Redis
- Data Fields
- Beats
- Pre-Releases
- ELSA to Elastic
- Network Configuration
- Proxy Configuration
- Firewall/Hardening
- Email Configuration
- Integrating with other systems
- Changing IP Addresses
- NTP
- Managing Alerts
- Managing Rules
- Adding Local Rules
- Disabling Processes
- Filtering with BPF
- Adjusting PF_RING for traffic
- MySQL Tuning
- Adding a new disk
- High Performance Tuning
- Trimming PCAPs