[Oisf-users] IPS alternatives to Snort's guardian?

Andreas Herz andi at geekosphere.org
Wed Jan 27 21:16:01 UTC 2016


On 27/01/16 at 20:10, John Devine wrote:
> Hi all,
> 
> Currently I run snort as an IDS and guardian as an IPS. I am looking
> for alternatives to guardian for IPS software because guardian does
> not allow me to manually unblock specific IP addresses or change the
> duration of which something is blocked without some hassle or custom
> scripts. I have been messing around with Suricata and have
> successfully got it running both in IDS and IPS mode and alerting
> successfully. Right now I want to run Suricata as an IDS and have some
> other open source software to run as my IPS. Are there any decent
> alternatives to guardian.pl which allow me to manually unblock
> specific IP addresses and change the length of time in which something
> is blocked? I am looking for a good IPS 'companion' to run in tandem
> with Suricata.

I'm not familiar with guardian. Since you seem to use Debian, you might
want to look into ipset, which would help you add IPs to a blacklist
for a defined period of time.

> Thanks in advance



-- 
Andreas Herz
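
The ipset suggestion above, as an added example that is not part of the original message: a Python sketch that turns Suricata EVE JSON alerts into ipset commands with a per-severity block duration, plus the manual unblock and duration change asked about. The set name `suri_block`, the severity-to-timeout policy, the allowlist and the sample lines are assumptions made up for this example; the functions only build the commands and do not run them.

```python
import ipaddress
import json

SET_NAME = "suri_block"                              # assumed set name
TIMEOUTS = {1: 86400, 2: 3600}                       # assumed policy: severity -> seconds
ALLOWLIST = [ipaddress.ip_network("192.0.2.0/24")]   # assumed: never block these

# Constructed sample lines in Suricata EVE JSON shape (not real traffic).
SAMPLE_EVE = """\
{"event_type":"alert","src_ip":"203.0.113.7","alert":{"severity":1,"signature":"constructed high"}}
{"event_type":"alert","src_ip":"198.51.100.9","alert":{"severity":2,"signature":"constructed medium"}}
{"event_type":"alert","src_ip":"192.0.2.10","alert":{"severity":1,"signature":"constructed allowlisted"}}
{"event_type":"alert","src_ip":"203.0.113.8","alert":{"severity":3,"signature":"constructed low"}}
{"event_type":"dns","src_ip":"203.0.113.9"}
not json
"""

def setup_cmds():
    """One-time setup: a set whose entries expire, and a DROP rule that matches it."""
    return [
        ["ipset", "create", SET_NAME, "hash:ip", "timeout", "3600", "-exist"],
        ["iptables", "-I", "INPUT", "-m", "set", "--match-set", SET_NAME, "src", "-j", "DROP"],
    ]

def block_cmd(ip, seconds):
    """Block ip for `seconds`; with -exist a re-add resets the timer (changes the duration)."""
    addr = ipaddress.ip_address(ip)   # raises ValueError on anything that is not an IP
    return ["ipset", "add", SET_NAME, str(addr), "timeout", str(int(seconds)), "-exist"]

def unblock_cmd(ip):
    """Manual unblock of a single address before its timeout expires."""
    return ["ipset", "del", SET_NAME, str(ipaddress.ip_address(ip)), "-exist"]

def cmds_from_eve(lines):
    """Yield block commands for alert events; skip junk, IPv6, low severity, allowlisted."""
    cmds = []
    for line in lines:
        try:
            ev = json.loads(line)
            if ev.get("event_type") != "alert":
                continue
            addr = ipaddress.ip_address(ev["src_ip"])
            secs = TIMEOUTS.get(ev["alert"]["severity"])
        except (ValueError, KeyError, TypeError, AttributeError):
            continue
        if addr.version != 4 or secs is None or any(addr in n for n in ALLOWLIST):
            continue   # hash:ip defaults to IPv4; an inet6 set would be needed for IPv6
        cmds.append(block_cmd(str(addr), secs))
    return cmds
```

To apply the commands, pass each list to `subprocess.run(cmd, check=True)` as root; `ipset list suri_block` then shows every entry with its remaining timeout.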


