[Oisf-users] Configure IPS and NSM in Suricata.
Kaushal Shriyan
kaushalshriyan at gmail.com
Sun Apr 7 15:39:20 UTC 2019
Hi Bjørn,
NSM stands for Network Security Monitoring and if I understand it
correctly, its function is to monitor any malicious traffic. Please correct
me if I am understanding it completely wrong.
Thanks in Advance.
Best Regards,
On Sun, Apr 7, 2019 at 8:13 PM bjorn at ruberg.no <bjorn at ruberg.no> wrote:
>
>
> Kaushal,
>
> To answer your question we need to know what you mean by NSM and what you
> want it to do.
>
> -------- Original Message --------
> Subject: Re: [Oisf-users] Configure IPS and NSM in Suricata.
> From: Kaushal Shriyan
> To: Bjørn Ruberg
> CC: Open Information Security Foundation
>
>
>
> On Wed, Apr 3, 2019 at 12:05 AM Bjørn Ruberg <bjorn at ruberg.no> wrote:
>
> On 02.04.2019 15:46, Kaushal Shriyan wrote:
> >
> > On Mon, Apr 1, 2019 at 11:58 AM Bjørn Ruberg <bjorn at ruberg.no> wrote:
> >
> > On 01.04.2019 07:44, Kaushal Shriyan wrote:
> > >
> > >
> > > On Sun, Mar 31, 2019 at 7:26 AM Kaushal Shriyan
> > > <kaushalshriyan at gmail.com> wrote:
> > >
> > >
> > >
> > > On Sat, Mar 30, 2019 at 9:14 PM Kaushal Shriyan
> > > <kaushalshriyan at gmail.com> wrote:
> > >
> > > Hi,
> > >
> > > I am running Suricata 4.1.3 on CentOS Linux release 7.6.1810
> > > (Core) and have configured Suricata in IDS mode. I will
> > > appreciate it if you can help me to configure IPS and NSM in
> > > Suricata.
> >
> > Did you take a look at
> >
> > https://home.regit.org/2012/09/new-af_packet-ips-mode-in-suricata/
> >
> > and
> >
> > https://suricata.readthedocs.io/en/suricata-4.1.3/setting-up-ipsinline-for-linux.html
> >
> >
> >
> > Hi Bjørn,
> >
> > Thanks a lot Bjørn for the email and I could configure IPS and test it
> > using drop rules. It worked like a charm. Is there a way to enable NSM
> > (Network Security Monitoring) in Suricata which is currently configured
> > for both IDS and IPS mode?
>
> What do you need from an NSM, just packet capture?
>
> NSM functions are somewhat documented here:
>
>
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/NSM_runmode
> / <https://suricata-ids.org/training/>
>
>
> Thanks a lot Bjørn for the email. I am not sure about the NSM feature in
> Suricata. What is it used for and how does it help us? Are there any
> benefits of NSM features available in Suricata? I was correlating it to
> Nagios Monitoring system (https://nagios.org).
>
> Please comment. Thanks in Advance.
>
> Best Regards,
>
> Kaushal
>