[Oisf-users] "Recommended" rule settings

unite unite at openmailbox.org
Wed Jan 14 14:46:57 UTC 2015


Hi guys!

I'm quite new to Suricata. So, I successfully managed to install it and 
to configure it for basic use (I'm using nfqueue IPS mode). Now I want 
to try to secure my network, however I can't find anywhere which rules 
I should enable as "drop", which as "alert" and which not to enable at 
all, so my IPS wouldn't be too paranoid and doesn't block, for example, 
low confidence traffic which is very likely to be legitimate. I'm using 
open emergingthreats rules. I understand that there is no perfect and 
universal rule setting - every single installation needs a unique one, 
however I've seen some kinds of "recommended" rule settings in other IPS 
engines - containing the rule settings that are suitable for most 
deployments and then you change some if you need.

Can someone advise? It would be a great help for me.

Thanks in advance!

-- 
With kind regards,
Alex
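An added example, not from Alex or the Emerging Threats project, of one way to turn the question above into a repeatable policy: keep every ET Open rule at "alert" so low-confidence signatures only log, and promote to "drop" only the rules whose classtype the operator has chosen to block inline. The classtype list and the sample rules are constructed for illustration; the sids are placeholders and the classtype values are assumed to be ones worth blocking on a given network.

```python
import re

# Constructed operator policy: classtypes worth blocking inline in nfqueue IPS
# mode. Rules with any other classtype keep their original action (alert).
DROP_CLASSTYPES = {"trojan-activity", "command-and-control", "exploit-kit"}

# Leading action word of a rule, e.g. "alert tcp $HOME_NET any -> ..."
_ACTION_RE = re.compile(r"^(?P<action>alert|drop|pass|reject)\s+(?P<rest>.*)$")
_CLASSTYPE_RE = re.compile(r"classtype:\s*([\w-]+)\s*;")


def classtype_of(rule: str):
    """Return the rule's classtype, or None if it has none."""
    m = _CLASSTYPE_RE.search(rule)
    return m.group(1) if m else None


def retune_rule(line: str) -> str:
    """Change 'alert' to 'drop' when the classtype is in DROP_CLASSTYPES.
    Comments, blank lines and rules with any other action pass through."""
    stripped = line.strip()
    m = _ACTION_RE.match(stripped)
    if not m or m.group("action") != "alert":
        return line  # comment, blank, or already drop/pass/reject
    if classtype_of(stripped) in DROP_CLASSTYPES:
        return "drop " + m.group("rest")
    return line


def retune_rules(text: str):
    """Rewrite every line; return (new text, count of rules per action)."""
    out, counts = [], {}
    for line in text.splitlines():
        new = retune_rule(line)
        out.append(new)
        m = _ACTION_RE.match(new.strip())
        if m:
            counts[m.group("action")] = counts.get(m.group("action"), 0) + 1
    return "\n".join(out) + "\n", counts


# Constructed sample rules in ET Open style; sids are placeholders, not real ET signatures.
SAMPLE_RULES = """\
# constructed sample ruleset
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"SAMPLE Trojan checkin"; classtype:trojan-activity; sid:9000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"SAMPLE Policy violation"; classtype:policy-violation; sid:9000002; rev:1;)
drop tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SAMPLE existing drop"; classtype:attempted-admin; sid:9000003; rev:1;)
"""

if __name__ == "__main__":
    rewritten, summary = retune_rules(SAMPLE_RULES)
    print(rewritten, summary)  # summary == {'drop': 2, 'alert': 1}
```

Run the rewritten file through suricata -T before loading it, and review the per-action counts after each ruleset update so a new classtype does not silently start dropping traffic.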

