[Oisf-users] Not running inline

David Woodfall dave at dawoodfall.net
Tue Oct 3 01:23:45 UTC 2017


Thanks, Chris. Subscribed.

>I think of Suricata running as just a data sync. Not online. If I’m reading your question right, you’ll want to plug your monitoring NIC into a span/mirror port on a managed switch.
>
>I have a quick video on it if it helps.
>
>https://fauie.com/2017/09/23/threat-hunting-tcpdump/
>
>Sent from my iPhone
>
>> On Oct 2, 2017, at 20:32, David Woodfall <dave at dawoodfall.net> wrote:
>>
>> I have been reading up about running Suricata inline with iptables. My
>> question is, what does the topology look like if it isn't running
>> inline? Is it running in parallel with iptables, or is it more
>> complex?
>>
>> -Dave



