[Oisf-users] Configure IPS and NSM in Suricata.

Kaushal Shriyan kaushalshriyan at gmail.com
Sun Apr 7 15:39:20 UTC 2019


Hi Bjørn,

NSM stands for Network Security Monitoring and if I understand it
correctly, its function is to monitor any malicious traffic. Please correct
me if I am understanding it completely wrong.

Thanks in Advance.

Best Regards,

On Sun, Apr 7, 2019 at 8:13 PM bjorn at ruberg.no <bjorn at ruberg.no> wrote:

>
>
> Kaushal,
>
> To answer your question we need to know what you mean by NSM and what you
> want it to do.
>
> -------- Original Message --------
> Subject: Re: [Oisf-users] Configure IPS and NSM in Suricata.
> From: Kaushal Shriyan
> To: Bjørn Ruberg
> CC: Open Information Security Foundation
>
>
>
> On Wed, Apr 3, 2019 at 12:05 AM Bjørn Ruberg <bjorn at ruberg.no> wrote:
>
> On 02.04.2019 15:46, Kaushal Shriyan wrote:
> >
> > On Mon, Apr 1, 2019 at 11:58 AM Bjørn Ruberg <bjorn at ruberg.no> wrote:
> >
> >     On 01.04.2019 07:44, Kaushal Shriyan wrote:
> >     >
> >     >
> >     > On Sun, Mar 31, 2019 at 7:26 AM Kaushal Shriyan
> >     > <kaushalshriyan at gmail.com> wrote:
> >     >
> >     >
> >     >
> >     >     On Sat, Mar 30, 2019 at 9:14 PM Kaushal Shriyan
> >     >     <kaushalshriyan at gmail.com> wrote:
> >     >
> >     >         Hi,
> >     >
> >     >         I am running Suricata 4.1.3 on CentOS Linux release 7.6.1810
> >     >         (Core) and have configured Suricata in IDS mode. I will
> >     >         appreciate it if you can help me to configure IPS and NSM in
> >     >         Suricata.
> >
> >     Did you take a look at
> >
> >     https://home.regit.org/2012/09/new-af_packet-ips-mode-in-suricata/
> >
> >     and
> >
> >     https://suricata.readthedocs.io/en/suricata-4.1.3/setting-up-ipsinline-for-linux.html
> >
> >
> >
> > Hi Bjørn,
> >
> > Thanks a lot Bjørn for the email and I could configure IPS and test it
> > using drop rules. It worked like a charm. Is there a way to enable NSM
> > (Network Security Monitoring) in Suricata which is currently configured
> > for both IDS and IPS mode?
>
> What do you need from an NSM, just packet capture?
>
> NSM functions are somewhat documented here:
>
>
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/NSM_runmode/ <https://suricata-ids.org/training/>
>
>
> Thanks a lot Bjørn for the email. I am not sure about the NSM feature in
> Suricata. What is it used for and how does it help us? Are there any
> benefits of NSM features available in Suricata? I was correlating it to
> Nagios Monitoring system (https://nagios.org <https://www.nagios.org/>).
>
> Please comment. Thanks in Advance.
>
> Best Regards,
>
> Kaushal
>