[Oisf-users] How to deploy suricata

Leonard ljacobs at netsecuris.com
Sat Jul 28 22:50:14 UTC 2018


Suricata can run on separate dedicated hardware at the border and does not necessarily have to be installed on a firewall or router.

> On Jul 28, 2018, at 5:10 PM, Oliver Humpage <oliver at watershed.co.uk> wrote:
> 
> 
>> On 28 Jul 2018, at 08:48, Utkarsh Bhargava <utkarsh at null.co.in> wrote:
>> 
>> How to monitor the entire network (120 nodes) using suricata? Do I need to install suricata on each device or is there something like suricata agents as we have in OSSEC?
> 
> You probably have two options.
> 
> 1. If you don’t want suricata running on every host, you could run it on a router/firewall that sits at the boundary of the network instead. This wouldn’t protect hosts from each other, but would simplify the installation.
> 
> 2. If you want host-based protection then yes, you need to install suricata on every host. There’s no other way it can work, since suricata needs to inspect network traffic, and you can’t forward the traffic from 120 hosts to a central server! However, you can centralise the logging of alerts, much as you do with ossec. Suricata can output in various formats, and you can send those logs/alerts to your central logging system such as an ELK stack, etc.
> 
> Hope that helps,
> 
> Oliver.


