[Oisf-users] dataset testing

Braňo Kramár branislavkramar at gmail.com
Tue Mar 26 09:44:10 UTC 2019


Hi, I want to use Suricata as an IDS in my network. Firstly, I decided to try
it in offline mode on existing datasets. I am using the ET open rules now.
After enabling all rules with priority 1 or 2, Suricata wasn't able to
detect all DoS attacks in the dataset created by
https://www.unb.ca/cic/datasets/ids-2017.html
The dataset from Wednesday should contain different DoS attacks, but Suricata
generated only 3 alerts. Did I make any mistake in the configuration? Are
Suricata and the ET open rules able to detect DoS attacks?

thanks