[Oisf-users] Place to install Suricata

Rovnov Pavel provnov at solidex.by
Thu May 14 13:24:13 UTC 2015


Hello Minh,

1) Security function. As with many vendors, FortiGate uses signatures for AV, IPS and Application Control, and also code execution (emulation) for AV. This is quite enough to detect known attacks aimed at both servers and clients. To gain even more control you can use any sandboxing solution (like FortiSandbox, or any other) to detect attacks aimed at clients, or you can use network visibility solutions (here I think Suricata can help) to detect indicators of successful attacks.

2) Monitoring function. You can log any flow with the FortiGate traffic log (this can be many log entries), do NetFlow/sFlow, or use Application Control to detect applications.

All of these are quite easy to manage.

Regards.

 

From: minh van [mailto:mvtrung27 at gmail.com]
Sent: Thursday, May 14, 2015 4:06 PM
To: Rovnov Pavel
Cc: oisf-users at lists.openinfosecfoundation.org
Subject: RE: [Oisf-users] Place to install Suricata

Hello,

I think the FortiGate is not strong enough in alerting, analysis, APT... and also monitoring.
If I am wrong, please point me in the right direction.

Thanks & regards

________________________________

From: Rovnov Pavel <mailto:provnov at solidex.by>
Sent: 5/14/2015 5:00 PM
To: Minh Trung <mailto:mvtrung27 at gmail.com>
Cc: oisf-users at lists.openinfosecfoundation.org
Subject: RE: [Oisf-users] Place to install Suricata

Hello Minh,

Why don’t you use FortiGate? For what specific purpose do you need Suricata?

Regards,

Pavel

From: oisf-users-bounces at lists.openinfosecfoundation.org [mailto:oisf-users-bounces at lists.openinfosecfoundation.org] On Behalf Of Minh Trung
Sent: Thursday, May 14, 2015 11:07 AM
To: oisf-users at lists.openinfosecfoundation.org
Subject: [Oisf-users] Place to install Suricata

Hi experts,

My network is as below:

                     Internet line
                           |
                           |
                        Router
                           |
                           |
                  Switch (Cisco 2960)
                           |
                           |
    VPN 1 line <----+--- Firewalls (Fortinet) ---+----> VPN 2 line
                           |
                           |
                     Core switches
                       |         |
                       |         |
                      LAN    VMware system (ESX)

Is it possible to place Suricata on VMware? Which spec do I need to
configure for this machine? I want to capture everything from the Internet line. How do I
configure Suricata to listen to everything on the router, and what would the router
configuration look like?
Any help is appreciated,

Regards,

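As an added illustration of the placement being asked about (not from anyone in this thread), the fragment below shows one way a Suricata VM on the ESX host can be fed a mirror of the router-facing link: the Cisco 2960 SPANs its uplink port to a port that reaches a dedicated capture NIC on the VM, and Suricata reads that NIC with af-packet. The port names (GigabitEthernet0/1, GigabitEthernet0/24), the guest interface name (ens192) and the vSwitch setup are assumptions.

```yaml
# Added example: suricata.yaml fragment for a Suricata VM that receives a
# SPAN copy of the router-facing switch port. Not from the thread.
#
# Assumed switch side (Cisco IOS on the 2960), mirroring the uplink to the
# router on Gi0/1 towards the ESX host's capture NIC on Gi0/24:
#   monitor session 1 source interface GigabitEthernet0/1 both
#   monitor session 1 destination interface GigabitEthernet0/24
#
# Assumed VMware side: Gi0/24 feeds a dedicated vSwitch port group with
# "Promiscuous mode: Accept", and the VM's second NIC (ens192, assumed)
# is attached to it. The first NIC stays on the LAN for management;
# the capture NIC carries no IP address.

af-packet:
  - interface: ens192        # capture NIC, passive, no IP address
    cluster-id: 99
    cluster-type: cluster_flow
    defrag: yes
    use-mmap: yes
    threads: auto
    # On the guest, disable NIC offloads on the capture NIC so Suricata
    # sees frames as they were on the wire (assumed command):
    #   ethtool -K ens192 gro off lro off

# Alerts and protocol records go to eve.json. For the "indicators of
# successful attacks" role discussed above, log what actually crossed the
# link, not only alerts:
outputs:
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve.json
      types:
        - alert
        - http
        - dns
        - tls
        - files:
            force-magic: no
        - flow
```

Started with `suricata -c /etc/suricata/suricata.yaml --af-packet`, this sees traffic on the router side of the Fortinet firewalls, i.e. before any filtering they apply, and the SPAN destination port must have enough bandwidth for the mirrored volume or packets will be dropped before Suricata ever sees them.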