Questions tagged [suricata]

3 questions
1 vote, 0 answers

Suricata / Filebeat / ELK - iptables tee - Create virtual hosts

I have an IDS setup as follows: Hardware / interfaces WAN <----(brwan)> ROUTER / AP <(br0)----> LAN \ -----(eth1)> | \ | IDS…
0 votes, 1 answer

Do I have to enter the public IP into the HOME_NET variable?

Do I have to enter the public IP of eth0 as HOME_NET in the suricata.yaml? vars: # more specific is better for alert accuracy and performance address-groups: HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]" My understanding is that…
Gill-Bates
0 votes, 1 answer

Sending a malicious package as a test to test Suricata alerts

I have a reverse proxy that proxies HTTP/HTTPS traffic between webservers and I have set up Suricata in order to find and block malicious traffic to it. Is there any way to trigger an alert via a CURL request? Does the EICAR test work? I have done…
Orphans