[Oisf-users] Place to install Suricata

Minh Trung mvtrung27 at gmail.com
Mon Jun 1 09:33:01 UTC 2015


Hello all,

My DMZ is behind a firewall also.
So, all your points point me to having a dedicated Suricata box, not on VMware?
In my case, which is better to use, Suricata or Snort?
Any help is appreciated,

Regards,

On 19 May 2015 at 03:07, Cooper F. Nelson <cnelson at ucsd.edu> wrote:

> I'll agree with this.  We monitor multiple DMZ vlans and see 300k-1+
> million ET alerts per 24-hour cycle.  This makes separating the signal
> from the noise difficult.
>
> Ideally you would want to deploy suricata as part of a "full-stack"
> defense-in-depth deployment and have it deployed behind your
> firewall/proxy architecture.
>
> I understand many people want to "see everything", but at this point it's
> a given that your DMZ is going to be attacked 24x7.
>
> - -Coop
>
> On 5/18/2015 1:46 AM, Christophe Vandeplas wrote:
> > I would recommend to use that functionality to your advantage, and
> > eliminate a LOT of the incoming traffic/noise.
> > From my experience detecting APTs is usually done by finding outbound
> > traffic (CnC), and traffic attacking your DMZ systems (published
> > services). So the less noise the better, and the more time you can
> > spend to do manual analysis of the alerts you will be getting.
>
>
> - --
> Cooper Nelson
> Network Security Analyst
> UCSD ACT Security Team
> cnelson at ucsd.edu x41042