[Oisf-users] Configure IPS and NSM in Suricata.

Peter Manev petermanev at gmail.com
Fri Apr 26 17:18:53 UTC 2019



> On 8 Apr 2019, at 02:48, Kaushal Shriyan <kaushalshriyan at gmail.com> wrote:
> 
> Hi Bjørn,
> 
> I do not have any specific requirement regarding NSM and I will appreciate it if you can help me understand the NSM feature in Suricata: how it is configured and its use case, with some examples. 

Just as an FYI:
In the case of Suricata, this NSM mode can log anything it sees but does not do any detection (via the --disable-detection option). In that case all http/dns/ssh/smtp... etc. logs will be available, but not alerts. This mode is also very cheap in CPU/perf needs and is great if you just need logs/metadata visibility.


> 
> Best Regards,
> 
>> On Sun, Apr 7, 2019 at 10:46 PM Bjørn Ruberg <bjorn at ruberg.no> wrote:
>> On 07.04.2019 17:39, Kaushal Shriyan wrote:
>> > Hi Bjørn,
>> > 
>> > NSM stands for Network Security Monitoring and if I understand it
>> > correctly, its function is to monitor any malicious traffic. Please
>> > correct me if I am understanding it completely wrong.
>> 
>> No that's fine, but that is also basically what an IDS/IPS does.
>> 
>> That is why I am wondering why you are asking about NSM in addition,
>> after having configured Suricata for being an IDS/IPS. If you have any
>> specific requirements from an NSM that Suricata currently doesn't offer,
>> please mention them so we can help you reach your goal.
>> 
>> -- 
>> Bjørn
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> 
>> Conference: https://suricon.net
>> Trainings: https://suricata-ids.org/training/
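A small check for the mode Peter describes, added here as example code (not part of Suricata or the thread): a sensor started with `suricata --disable-detection ...` should still write http/dns/ssh/smtp records to eve.json but never an `alert` record. The function tallies `event_type` values over EVE JSON lines; the log lines it runs on are constructed samples.

```python
"""Tally EVE JSON event types to confirm a Suricata sensor is running in
NSM (logging-only) mode: protocol records present, no alert records.
Example code for this thread, not Suricata's own; sample lines are
constructed."""
import json
from collections import Counter

# Constructed EVE lines, reduced to the fields this check needs. A sensor
# started with --disable-detection produces records like these and no alerts.
NSM_SAMPLE = """\
{"timestamp":"2019-04-26T17:18:53+0000","event_type":"http","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","http":{"hostname":"example.test","url":"/"}}
{"timestamp":"2019-04-26T17:18:54+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.53","dns":{"type":"query","rrname":"example.test"}}
{"timestamp":"2019-04-26T17:18:55+0000","event_type":"ssh","src_ip":"10.0.0.5","dest_ip":"10.0.0.22"}
{"timestamp":"2019-04-26T17:18:56+0000","event_type":"smtp","src_ip":"10.0.0.5","dest_ip":"10.0.0.25"}
"""

# Same traffic from a sensor with detection enabled: one extra alert record
# (constructed signature, not a real rule).
IDS_SAMPLE = NSM_SAMPLE + (
    '{"timestamp":"2019-04-26T17:18:57+0000","event_type":"alert",'
    '"src_ip":"10.0.0.5","dest_ip":"10.0.0.9",'
    '"alert":{"signature_id":1,"signature":"CONSTRUCTED test signature"}}\n'
)


def tally_event_types(eve_text):
    """Return a Counter of event_type values. Malformed lines are counted
    under '_unparseable' instead of aborting the scan of a large log."""
    counts = Counter()
    for line in eve_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            counts["_unparseable"] += 1
            continue
        counts[record.get("event_type", "_missing")] += 1
    return counts


def is_nsm_only(counts):
    """True when metadata records exist and no alert records do, which is
    what a --disable-detection sensor should produce."""
    metadata = sum(v for k, v in counts.items()
                   if not k.startswith("_") and k != "alert")
    return metadata > 0 and counts.get("alert", 0) == 0


if __name__ == "__main__":
    for name, sample in (("NSM", NSM_SAMPLE), ("IDS", IDS_SAMPLE)):
        c = tally_event_types(sample)
        print(name, dict(c), "nsm-only:", is_nsm_only(c))
```

On a live sensor, point `tally_event_types` at the contents of the eve.json configured under `outputs` in suricata.yaml; a non-zero `alert` count means detection is still running.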