[Oisf-users] Configure IPS and NSM in Suricata.

Bjørn Ruberg bjorn at ruberg.no
Tue Apr 2 18:35:04 UTC 2019


On 02.04.2019 15:46, Kaushal Shriyan wrote:
> 
> On Mon, Apr 1, 2019 at 11:58 AM Bjørn Ruberg <bjorn at ruberg.no> wrote:
> 
>     On 01.04.2019 07:44, Kaushal Shriyan wrote:
>     >
>     >
>     > On Sun, Mar 31, 2019 at 7:26 AM Kaushal Shriyan
>     > <kaushalshriyan at gmail.com> wrote:
>     >
>     >
>     >
>     >     On Sat, Mar 30, 2019 at 9:14 PM Kaushal Shriyan
>     >     <kaushalshriyan at gmail.com> wrote:
>     >
>     >         Hi,
>     >
>     >         I am running Suricata 4.1.3 on CentOS Linux release 7.6.1810
>     >         (Core) and have configured Suricata in IDS mode. I would
>     >         appreciate it if you can help me to configure IPS and NSM in
>     >         Suricata.
> 
>     Did you take a look at
> 
>     https://home.regit.org/2012/09/new-af_packet-ips-mode-in-suricata/
> 
>     and
> 
>     https://suricata.readthedocs.io/en/suricata-4.1.3/setting-up-ipsinline-for-linux.html
> 
> 
> 
> Hi Bjørn,
> 
> Thanks a lot, Bjørn, for the email. I could configure IPS and test it
> using drop rules. It worked like a charm. Is there a way to enable NSM
> (Network Security Monitoring) in Suricata, which is currently configured
> for both IDS and IPS mode?

What do you need from an NSM, just packet capture?

NSM functions are somewhat documented here:

https://redmine.openinfosecfoundation.org/projects/suricata/wiki/NSM_runmode

-- 
Bjørn
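To make the two halves of the question concrete, here is a suricata.yaml excerpt for Suricata 4.1.x that pairs the AF_PACKET inline (IPS) setup from the links above with the outputs that give you the NSM side: EVE JSON transaction and flow logs, file extraction and rotating full-packet capture. This is an added illustration, not a config posted in the thread or the project's shipped default file. The interface pair eth0/eth1, the cluster IDs, the log directory and the size limits are assumptions; adjust them to the sensor.

```yaml
# Added example: Suricata 4.1.x suricata.yaml excerpt (not from the thread).
# Assumptions: the sensor sits inline between eth0 and eth1; log paths follow
# the CentOS package layout; cluster-ids are arbitrary but must differ.

default-log-dir: /var/log/suricata/

# --- IPS: AF_PACKET copy-mode "ips" ------------------------------------
# Every packet read on one interface is written out on its peer unless a
# rule with action "drop" matched it. Both directions must be declared,
# and tpacket-v3 has to stay off for inline operation in 4.1.
af-packet:
  - interface: eth0
    threads: auto
    cluster-id: 99
    cluster-type: cluster_flow
    defrag: yes
    use-mmap: yes
    tpacket-v3: no
    copy-mode: ips
    copy-iface: eth1
  - interface: eth1
    threads: auto
    cluster-id: 98
    cluster-type: cluster_flow
    defrag: yes
    use-mmap: yes
    tpacket-v3: no
    copy-mode: ips
    copy-iface: eth0

# "auto" switches the stream engine to inline handling when running as IPS,
# so reassembly and drops stay consistent with what the rules decided.
stream:
  inline: auto

# --- NSM: log what happened, not only what matched --------------------
# The same engine emits protocol transactions, flows and file metadata to
# EVE JSON whether or not a signature fired. Dropped packets appear here as
# alert records with "action": "blocked"; passed ones as "allowed".
outputs:
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve.json
      types:
        - alert:
            payload: yes          # base64 payload of the matching packet
            http-body: yes        # matching HTTP body, base64
            tagged-packets: yes   # packets from "tag" keyword rules
        - http:
            extended: yes         # headers such as user-agent and referer
        - dns:
            version: 2            # v2 DNS record format introduced in 4.1
        - tls:
            extended: yes         # subject, issuer, SNI, validity, fingerprint
        - files:
            force-magic: yes      # libmagic type for every file seen
            force-hash: [md5, sha256]
        - smtp
        - ssh
        - flow                    # one record per flow at close or timeout

  # Carve files out of HTTP/SMTP/etc. on disk, named by SHA-256 (file-store
  # v2, new in 4.1), so an analyst can pull the sample an alert refers to.
  - file-store:
      version: 2
      enabled: yes
      dir: /var/log/suricata/filestore
      force-filestore: yes        # store every file, not only rule-matched ones
      force-hash: [sha256]
      write-fileinfo: yes

  # Rotating full packet capture for retrospective analysis.
  - pcap-log:
      enabled: yes
      filename: log.pcap
      limit: 1000mb               # rotate at this size
      max-files: 20               # keep at most this many files
      mode: normal
      use-stream-depth: no        # capture whole flows, not just stream depth
```

Validate the file before reloading the sensor with `suricata -T -c /etc/suricata/suricata.yaml -v`, then run `suricata -c /etc/suricata/suricata.yaml --af-packet`. Two operational points worth checking on a box that is doing both jobs: `copy-mode: ips` only protects traffic that physically crosses the eth0/eth1 pair, so a sensor fed from a SPAN or tap port will log but never block; and `force-filestore` plus full pcap-log fill disks quickly, so size the partition and the `limit`/`max-files` values for the link rate before enabling them.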

