[Oisf-users] Hello and question about setting up Suricata as a Web Application IDS

Victor Julien victor at inliniac.net
Thu Mar 24 11:27:02 UTC 2011

On 03/24/2011 11:34 AM, Michiel van Es wrote:
>  On Thu, 24 Mar 2011 10:30:38 +0000, Chris Wakelin wrote:
>> On 24/03/11 10:19, Michiel van Es wrote:
>>>  Hi,
>>>  I am pretty new to Snort/Suricata and WAF's.
>>>  I have set up Snort with some rules (web-attacks.rules) with some
>>>  simple custom rules to detect XSS and SQL Injection:
>>>  My goal is to setup Suricata as a replacement of snort and it only
>>>  should detect XSS and SQL injection attacks, I don't bother about all
>>>  other rules/alerts (like portscans etc.).
>> ...
>>>  I just want Suricata to detect and log/alert me about these attacks.
>>>  I use Ubuntu 10.10 (Maverick) 64 bit with the Suricata package from its
>>>  repo:
>>>  root@vps500:/etc/snort/rules# dpkg -l | grep suricata
>>>  ii  suricata                         1.0.1-1                Next Generation Intrusion Detection and Prevention

May I suggest installing from source. Preferably the latest GIT code.


Or else at least 1.0.2:


Btw, since you are using Ubuntu, there are at least 2 PPAs available
that provide more up-to-date builds:


Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc
