Lab 07 IDS/IPS with Suricata and pfSense
Many users seem to think you can just install the Snort package, forget about it, and your network will be protected. That's not true. You have to install the package, enable some rules, then start disabling false positives or adding suppress list entries for them. You have to analyze what types of assets you are protecting (web servers, mail servers, database servers, etc.) and set up whichever package you use (Snort or Suricata) with the defended networks and servers in mind. You set things like ports, operating system types, etc. Then you make sure the proper rules are active.
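To make the false-positive tuning step concrete, the following added example (not part of the original lab or the pfSense package) counts alerts per signature in Suricata's EVE JSON log and prints suppress list entries for signatures that a single source host dominates. The sample records, SIDs and IP addresses are constructed, and the `min_count` and `dominance` thresholds are assumptions to adjust for your network.

```python
import json
from collections import Counter, defaultdict

def _alert(sid, src):
    # Builds one constructed EVE JSON alert record (not real traffic).
    return json.dumps({"event_type": "alert", "src_ip": src,
                       "alert": {"gid": 1, "signature_id": sid}})

# Constructed sample log: documentation IPs and made-up SIDs.
SAMPLE_EVE = (
    [_alert(9000001, "192.0.2.10")] * 4                           # one noisy host
    + [_alert(9000002, f"198.51.100.{n}") for n in (1, 2, 3)]     # spread out
    + [_alert(9000003, "192.0.2.10")]                             # seen once
    + ['{"event_type": "flow", "src_ip": "192.0.2.10"}',          # not an alert
       '{"event_type": "alert", "src_ip": "192.0']                # truncated line
)

def count_alerts(eve_lines):
    """Return {(gid, sid): Counter({src_ip: alerts})} for alert events."""
    per_sig = defaultdict(Counter)
    for line in eve_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip partial lines from a log that is still being written
        alert = event.get("alert") or {}
        sid, src = alert.get("signature_id"), event.get("src_ip")
        if event.get("event_type") != "alert" or sid is None or src is None:
            continue
        per_sig[(alert.get("gid", 1), sid)][src] += 1
    return per_sig

def suppress_candidates(eve_lines, min_count=3, dominance=0.8):
    """Suppress lines for signatures where one source causes most alerts.

    min_count and dominance are hypothetical review thresholds.
    """
    lines = []
    for (gid, sid), by_src in sorted(count_alerts(eve_lines).items()):
        total = sum(by_src.values())
        src, hits = by_src.most_common(1)[0]
        if total >= min_count and hits / total >= dominance:
            lines.append(f"suppress gen_id {gid}, sig_id {sid}, "
                         f"track by_src, ip {src}")
    return lines

if __name__ == "__main__":
    print("\n".join(suppress_candidates(SAMPLE_EVE)))
```

Treat the output as candidates only: confirm each alert really is a false positive for that host before adding the line to a suppress list.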
This lab introduces you to Suricata.
Install Suricata on the pfSense box. You may use the documentation from Netgate (be aware that it does not have a specific Suricata install page, but instead points you to the Snort docs). I followed the steps below: