[Oisf-users] "Recommended" rule settings
unite at openmailbox.org
Wed Jan 14 14:46:57 UTC 2015
I'm quite new to Suricata. So, I succesfully managed to install it and
to configure it for basic use (I'm using nfqueue IPS mode). Now I want
to try secure my network, however I can't find anywhere which rules
should I enable as "drop" which as "alert" and which not to enable at
all, so my IPS wouldn't be too paranoid and don't block, for example,
low confidence traffic which is very likely to be legitimate. I'm using
open emergingthreats rules. I understand that there is no perfect and
universal rule setting - every single installation needs a unique one,
however I've seen some kinds of "recommended" rule settings in other IPS
engines - containing the rule settings that are suitable for most
deployments and then you change some if you need.
Can someone advice? It would be great help for me.
Thanks in advance!
With kind regards,
More information about the Oisf-users