[Oisf-users] Configure IPS and NSM in Suricata.
Kaushal Shriyan
kaushalshriyan at gmail.com
Sun Apr 7 12:17:20 UTC 2019
On Wed, Apr 3, 2019 at 12:05 AM Bjørn Ruberg <bjorn at ruberg.no> wrote:
> On 02.04.2019 15:46, Kaushal Shriyan wrote:
> >
> > On Mon, Apr 1, 2019 at 11:58 AM Bjørn Ruberg <bjorn at ruberg.no> wrote:
> >
> > On 01.04.2019 07:44, Kaushal Shriyan wrote:
> > >
> > >
> > > On Sun, Mar 31, 2019 at 7:26 AM Kaushal Shriyan
> > > <kaushalshriyan at gmail.com> wrote:
> > >
> > >
> > >
> > > On Sat, Mar 30, 2019 at 9:14 PM Kaushal Shriyan
> > > <kaushalshriyan at gmail.com> wrote:
> > >
> > > Hi,
> > >
> > > I am running Suricata 4.1.3 on CentOS Linux release 7.6.1810
> > > (Core) and have configured Suricata in IDS mode. I would
> > > appreciate it if you could help me configure IPS and NSM in
> > > Suricata.
> >
> > Did you take a look at
> >
> > https://home.regit.org/2012/09/new-af_packet-ips-mode-in-suricata/
> >
> > and
> >
> >
> https://suricata.readthedocs.io/en/suricata-4.1.3/setting-up-ipsinline-for-linux.html
> >
> >
> >
> > Hi Bjørn,
> >
> > Thanks a lot Bjørn for the email. I could configure IPS and test it
> > using drop rules. It worked like a charm. Is there a way to enable NSM
> > (Network Security Monitoring) in Suricata, which is currently configured
> > for both IDS and IPS mode?
>
> What do you need from an NSM, just packet capture?
>
> NSM functions are somewhat documented here:
>
>
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/NSM_runmode
> / <https://suricata-ids.org/training/>
Thanks a lot Bjørn for the email. I am not sure about the NSM feature in
Suricata. What is it used for and how does it help us? Are there any
benefits of the NSM features available in Suricata? I was correlating it to
the Nagios monitoring system (https://nagios.org).
Please comment. Thanks in advance.
Best Regards,
Kaushal
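For readers following this thread, an added example (not from the thread or the Suricata project) of what "NSM" means in suricata.yaml terms: alongside alert and drop events, Suricata can record protocol metadata, extracted files and full packet capture for later investigation. The interface name, file paths and size limits below are assumptions; adjust them to the host.

```yaml
# Added example: NSM-style output configuration for suricata.yaml.
# IDS/IPS only needs the "alert" type; the other types turn Suricata
# into a network security monitor that records what crossed the wire.
outputs:
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve.json          # assumed path, relative to default-log-dir
      types:
        - alert                   # IDS/IPS events (including drops in IPS mode)
        - http:
            extended: yes         # request/response headers, user-agent, etc.
        - dns
        - tls:
            extended: yes         # certificate subject/issuer, SNI, fingerprint
        - files:
            force-magic: no       # log file transfers seen in HTTP/SMTP/etc.
        - flow                    # one record per flow: bytes, packets, timing
        - ssh
        - smtp

  # Keep a copy of files extracted from traffic for forensic review.
  - file-store:
      version: 2
      enabled: yes
      dir: filestore              # assumed directory name

  # Rolling full packet capture; size the ring to your disk, not the default.
  - pcap-log:
      enabled: yes
      filename: log.pcap          # assumed file name
      limit: 1000mb               # assumed per-file size
      max-files: 2000             # assumed ring size
      mode: normal
      use-stream-depth: no
```

These outputs are independent of the af-packet IPS copy-mode set-up from the linked documentation, so the same sensor can drop on rule matches and still log the metadata and pcaps an investigation needs.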