[Oisf-users] Suricata IPS ???

Jeripotula, Shashiraj shashiraj.jeripotula at verizon.com
Fri Oct 31 18:32:48 UTC 2014


Hello Team,

I am evaluating Suricata for one of our product teams.

I have installed Suricata, configured it, and it's running fine.

Copied the Emerging Threats rules and am using them. Looked at the rules; all of them are alerts and no drops.

We tried doing a DOS attack and saw some basic alerts, and nothing matched in emerging-dos.rules, so nothing triggered the DOS rules.

I have configured Suricata in IPS mode, with NFQUEUE, but the DOS attack was still not prevented.

Can someone advise how to make good use of Suricata as an IPS? What additional rules should I use? Do I need to learn and write customized rules?

Please advise.

Thanks

Raj