[Oisf-users] Configure IPS and NSM in Suricata.

Kaushal Shriyan kaushalshriyan at gmail.com
Sun Apr 7 12:17:20 UTC 2019


On Wed, Apr 3, 2019 at 12:05 AM Bjørn Ruberg <bjorn at ruberg.no> wrote:

> On 02.04.2019 15:46, Kaushal Shriyan wrote:
> >
> > On Mon, Apr 1, 2019 at 11:58 AM Bjørn Ruberg <bjorn at ruberg.no> wrote:
> >
> >     On 01.04.2019 07:44, Kaushal Shriyan wrote:
> >     >
> >     >
> >     > On Sun, Mar 31, 2019 at 7:26 AM Kaushal Shriyan
> >     > <kaushalshriyan at gmail.com> wrote:
> >     >
> >     >
> >     >
> >     >     On Sat, Mar 30, 2019 at 9:14 PM Kaushal Shriyan
> >     >     <kaushalshriyan at gmail.com> wrote:
> >     >
> >     >         Hi,
> >     >
> >     >         I am running Suricata 4.1.3 on CentOS Linux release 7.6.1810
> >     >         (Core) and have configured Suricata in IDS mode. I will
> >     >         appreciate it if you can help me to configure IPS and NSM in
> >     >         Suricata.
> >
> >     Did you take a look at
> >
> >     https://home.regit.org/2012/09/new-af_packet-ips-mode-in-suricata/
> >
> >     and
> >
> >     https://suricata.readthedocs.io/en/suricata-4.1.3/setting-up-ipsinline-for-linux.html
> >
> >
> >
> > Hi Bjørn,
> >
> > Thanks a lot Bjørn for the email and I could configure IPS and test it
> > using drop rules. It worked like a charm. Is there a way to enable NSM (
> > Network Security Monitoring) in Suricata which is currently configured
> > for both IDS and IPS mode?
>
> What do you need from an NSM, just packet capture?
>
> NSM functions are somewhat documented here:
>
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/NSM_runmode/ <https://suricata-ids.org/training/>


Thanks a lot Bjørn for the email. I am not sure about the NSM feature in
Suricata. What is it used for, and how does it help us? Are there any
benefits to the NSM features available in Suricata? I was correlating it to
the Nagios monitoring system (https://www.nagios.org/).

Please comment. Thanks in advance.

Best Regards,

Kaushal
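For reference, the two things the thread points at, side by side: the AF_PACKET inline (IPS) capture configuration from the linked Suricata 4.1 documentation, and the outputs the NSM runmode wiki page refers to, which record protocol transactions, flows, extracted files and full packets independently of whether any rule fires (traffic-level logging, as opposed to the host and service availability checks a system like Nagios performs). This is an added example by the editor, not configuration from the original message or from the Suricata project. The interface names eth0/eth1, cluster ids, file paths, the rule file name and the sample drop rule are assumptions.

```yaml
# suricata.yaml fragments for Suricata 4.1.x. Added example: interface
# names, cluster ids, paths and the sample rule are assumptions, not taken
# from the thread.

# 1. IPS: AF_PACKET inline mode. Suricata bridges eth0 <-> eth1 and copies
#    every packet it does not drop to the peer interface.
af-packet:
  - interface: eth0
    threads: 2            # keep identical on both sides of the bridge
    cluster-id: 99
    cluster-type: cluster_flow
    defrag: yes
    use-mmap: yes
    tpacket-v3: no        # v3 and copy-mode did not work together in 4.x
    copy-mode: ips        # "tap" would forward everything and never drop
    copy-iface: eth1
  - interface: eth1
    threads: 2
    cluster-id: 98
    cluster-type: cluster_flow
    defrag: yes
    use-mmap: yes
    tpacket-v3: no
    copy-mode: ips
    copy-iface: eth0

# The stream engine must run inline as well, otherwise a drop rule that
# matches on reassembled TCP data fires after the packets were forwarded.
# "auto" turns it on whenever an IPS capture method is in use.
stream:
  inline: auto

# A drop rule of the kind used to test IPS mode; in IDS mode the same rule
# only alerts. Place it in local.rules (assumed file name):
#   drop tcp any any -> any 80 (msg:"IPS test: blocked HTTP host"; \
#        flow:established,to_server; content:"evil.example"; http_host; \
#        sid:1000001; rev:1;)
default-rule-path: /etc/suricata/rules
rule-files:
  - suricata.rules
  - local.rules

# 2. NSM: record what happened on the wire whether or not a rule matched.
outputs:
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve.json
      types:
        - alert
        - drop            # one record per packet the IPS dropped
        - http            # one record per HTTP request/response pair
        - dns
        - tls
        - files:          # one record per file observed in a protocol
            force-magic: no
        - flow            # one record per bidirectional flow, with counters
  - file-store:           # write observed files to disk
      version: 2
      enabled: yes
      dir: filestore
      force-filestore: no # only files a rule tags with filestore
  - pcap-log:             # full packet capture, rotated as a ring on disk
      enabled: yes
      filename: log.pcap
      limit: 1000mb
      max-files: 2000
      mode: normal
      use-stream-depth: no
```

Validate the merged file with `suricata -T -c /etc/suricata/suricata.yaml` before starting `suricata -c /etc/suricata/suricata.yaml --af-packet`. Two caveats worth knowing before turning this on: with `copy-mode: ips` the bridge is fail-closed, so when Suricata is not running nothing is forwarded between eth0 and eth1; and the NSM outputs (especially `pcap-log` and the `http`/`flow` records) grow with traffic volume rather than with the number of alerts, so size the log partition for the link, not for the rule set.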