[Oisf-users] Configure IPS and NSM in Suricata.
Bjørn Ruberg
bjorn at ruberg.no
Tue Apr 2 18:35:04 UTC 2019
On 02.04.2019 15:46, Kaushal Shriyan wrote:
>
> On Mon, Apr 1, 2019 at 11:58 AM Bjørn Ruberg <bjorn at ruberg.no> wrote:
>
> On 01.04.2019 07:44, Kaushal Shriyan wrote:
> >
> >
> > On Sun, Mar 31, 2019 at 7:26 AM Kaushal Shriyan <kaushalshriyan at gmail.com> wrote:
> >
> > On Sat, Mar 30, 2019 at 9:14 PM Kaushal Shriyan <kaushalshriyan at gmail.com> wrote:
> >
> > Hi,
> >
> > I am running Suricata 4.1.3 on CentOS Linux release 7.6.1810
> > (Core) and have configured Suricata in IDS mode. I would
> > appreciate it if you could help me configure IPS and NSM in
> > Suricata.
>
> Did you take a look at
>
> https://home.regit.org/2012/09/new-af_packet-ips-mode-in-suricata/
>
> and
>
> https://suricata.readthedocs.io/en/suricata-4.1.3/setting-up-ipsinline-for-linux.html
>
>
>
> Hi Bjørn,
>
> Thanks a lot Bjørn for the email and I could configure IPS and test it
> using drop rules. It worked like a charm. Is there a way to enable NSM
> (Network Security Monitoring) in Suricata which is currently configured
> for both IDS and IPS mode?
What do you need from an NSM, just packet capture?
NSM functions are somewhat documented here:
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/NSM_runmode
--
Bjørn