[Oisf-users] Properly testing Suricata for alerts

419telegraph298 at protonmail.com 419telegraph298 at protonmail.com
Mon Feb 18 17:13:21 UTC 2019


Thanks for the advice thus far; this is from my config:

    HOME_NET: "[192.168.0.0/24]"
    #HOME_NET: "[192.168.0.0/16]"
    #HOME_NET: "[10.0.0.0/8]"
    #HOME_NET: "[172.16.0.0/12]"
    #HOME_NET: "any"

    EXTERNAL_NET: "!$HOME_NET"
    #EXTERNAL_NET: "any"


And yeah, I added the auto-update rule files as the rule files in the config. Should I be running "-s signatures.rules" when I run from the command line as well? Because I can't locate signatures.rules anywhere.



------- Original Message -------
On Wednesday, February 13, 2019 1:41 AM, Bjørn Ruberg <bjorn at ruberg.no> wrote:

> On 13.02.2019 01:13, 419telegraph298 at protonmail.com wrote:
>
> > Hey - I am not sure if the rule is set for tcpdump. What should I run foo.pcap with? Kismet or Tcpdump?
>
> https://suricata.readthedocs.io/en/suricata-4.1.2/command-line-options.html
>
> Check the "-r <path>" option.
>
> --
>
> Bjørn
>
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
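An added example, not code from the original post or from the Suricata project, of the check this thread is working toward. After replaying a capture with something like `suricata -c /etc/suricata/suricata.yaml -S local.rules -r foo.pcap -l out/ -k none` (-S loads only the given rule file, -s would load it in addition to the config's rule files, -l sets the log directory, -k none skips checksum validation on pcaps with bad checksums), read out/eve.json and confirm that the sid you expected actually fired, and count how many events touch HOME_NET at all: with the HOME_NET above set to 192.168.0.0/24, rules scoped to $HOME_NET or $EXTERNAL_NET cannot match a pcap whose hosts all live elsewhere. The EVE records, sids and addresses below are constructed, and the address-group parser handles only literal CIDR lists, "!" negation and "any", not "$VAR" references.

```python
"""Check a Suricata eve.json produced by a pcap replay for expected alerts.

Added example; the sample EVE lines, sids and addresses are constructed.
"""
import ipaddress
import json
from collections import Counter

# Constructed eve.json content: one JSON object per line, as Suricata writes it.
# The last line is deliberately truncated, which happens when you read the file
# while Suricata is still writing it.
SAMPLE_EVE = """\
{"timestamp":"2019-02-18T17:00:01.000000+0000","event_type":"flow","src_ip":"10.9.8.7","dest_ip":"203.0.113.5","proto":"TCP"}
{"timestamp":"2019-02-18T17:00:02.000000+0000","event_type":"alert","src_ip":"192.168.0.10","src_port":51234,"dest_ip":"203.0.113.5","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":9000001,"rev":1,"signature":"LOCAL test HTTP GET seen","category":"Misc activity","severity":3}}
{"timestamp":"2019-02-18T17:00:03.000000+0000","event_type":"alert","src_ip":"10.9.8.7","src_port":40000,"dest_ip":"203.0.113.5","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":9000002,"rev":1,"signature":"LOCAL test any-to-any probe","category":"Misc activity","severity":3}}
{"timestamp":"2019-02-18T17:00:04.0
"""


def parse_address_group(spec):
    """Parse a Suricata address-group value such as "[192.168.0.0/24,!192.168.0.1]"
    or "any" into (include, exclude) lists of ip_network objects.
    Assumption: "$VAR" references are already expanded by the caller."""
    spec = spec.strip()
    if spec == "any":
        return [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")], []
    include, exclude = [], []
    for item in spec.strip("[]").split(","):
        item = item.strip()
        if not item:
            continue
        net = ipaddress.ip_network(item.lstrip("!"), strict=False)
        (exclude if item.startswith("!") else include).append(net)
    return include, exclude


def in_address_group(ip, group):
    """True if ip is inside one of the group's includes and none of its excludes."""
    addr = ipaddress.ip_address(ip)
    include, exclude = group
    if any(addr in net for net in exclude):
        return False
    return any(addr in net for net in include)


def parse_eve(text):
    """Parse eve.json content line by line, skipping blank and truncated lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # partial line: Suricata may still be writing it
    return events


def alerts(events):
    """Only the alert records; flow, http, dns and stats records are dropped."""
    return [e for e in events if e.get("event_type") == "alert"]


def alert_counts_by_sid(events):
    """How many times each signature_id fired."""
    return Counter(e["alert"]["signature_id"] for e in alerts(events))


def sid_fired(events, sid, src_ip=None, dest_ip=None):
    """True if at least one alert for sid matches the optional endpoint filters."""
    for e in alerts(events):
        if e["alert"]["signature_id"] != sid:
            continue
        if src_ip is not None and e.get("src_ip") != src_ip:
            continue
        if dest_ip is not None and e.get("dest_ip") != dest_ip:
            continue
        return True
    return False


def events_touching_home_net(events, home_net_spec):
    """Count events whose src or dest is inside HOME_NET.  Zero means rules
    written for $HOME_NET / $EXTERNAL_NET cannot alert on this capture."""
    group = parse_address_group(home_net_spec)
    return sum(
        1 for e in events
        if any(in_address_group(e[k], group) for k in ("src_ip", "dest_ip") if k in e)
    )


if __name__ == "__main__":
    evs = parse_eve(SAMPLE_EVE)
    print("parsed events:", len(evs), "alerts:", len(alerts(evs)))
    print("alerts by sid:", dict(alert_counts_by_sid(evs)))
    print("sid 9000001 from 192.168.0.10:", sid_fired(evs, 9000001, src_ip="192.168.0.10"))
    print("events touching [192.168.0.0/24]:", events_touching_home_net(evs, "[192.168.0.0/24]"))
```

Replace SAMPLE_EVE with `open("out/eve.json").read()` for a real run; if the HOME_NET count comes back zero for a pcap you expected alerts from, either the capture's hosts are outside HOME_NET or the rule you wrote should be `any -> any` for the test.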
