Revision 18 as of 2021-05-09 13:48:01
Lab 07 IDS/IPS with Suricata and pfSense
Introduction
Many users seem to think you can just install the Snort package, forget about it, and your network will be protected. That's not true. You have to install the package, enable some rules, and then start disabling false positives or adding suppress-list entries for them. You have to analyze what types of assets you are protecting (web servers, mail servers, database servers, etc.) and set up whichever package you use (Snort or Suricata) with the defended networks and servers in mind. You set things like ports, operating system types, etc. Then you make sure the proper rules are active.
This lab introduces you to Suricata.
Lab Goal
Install Suricata on the pfSense box. You may use the documentation from NetGate (be aware that it does not have a specific Suricata install page, but instead points you to the Snort docs). I followed the steps below: