Netgate Discussion Forum

    anomaly traffic detection in suricata

      umm12

      Hi guys.
      I used Suricata on pfSense as IDS/IPS and this is working without any problem.
      This Suricata only gets custom rules and a database of rules for detecting bad traffic on the network between some nodes.
      How can I use and configure Suricata as an anomaly traffic detection IDS/IPS?

        NollipfSense @umm12

        @umm12 said in anomaly traffic detection in suricata:

        How can I use and configure Suricata as an anomaly traffic detection IDS/IPS?

        The problem is there is no standard anomaly traffic... what might be anomaly traffic to you might also be okay traffic for me. In other words, you have to define anomaly traffic for your network as the network administrator.

        So, I'll share this thread that has helped me and others setting up Suricata, with a warning that it's a very long thread: https://forum.netgate.com/topic/70170/taming-the-beasts-aka-suricata-blueprint?_=1632087648731

        Good Luck.

        pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
        pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.
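
One way to act on the point made in the reply above, as an added example (not code from either poster or from the Suricata project): learn what is normal for your own network from Suricata's EVE JSON flow records, then flag flows that depart from it. The log lines are constructed, and the function names and the 10x volume factor are assumptions.

```python
import json

# Constructed EVE JSON lines (Suricata eve.json format); not real traffic.
BASELINE = "\n".join([
    '{"event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","dest_port":5432,"proto":"TCP","flow":{"bytes_toserver":9000}}',
    '{"event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","dest_port":5432,"proto":"TCP","flow":{"bytes_toserver":12000}}',
    '{"event_type":"flow","src_ip":"10.0.0.6","dest_ip":"10.0.0.9","dest_port":443,"proto":"TCP","flow":{"bytes_toserver":3000}}',
])
OBSERVED = "\n".join([
    '{"event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","dest_port":5432,"proto":"TCP","flow":{"bytes_toserver":11000}}',
    '{"event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","dest_port":22,"proto":"TCP","flow":{"bytes_toserver":800}}',
    '{"event_type":"flow","src_ip":"10.0.0.6","dest_ip":"10.0.0.9","dest_port":443,"proto":"TCP","flow":{"bytes_toserver":900000}}',
    '{"event_type":"alert","src_ip":"10.0.0.6","dest_ip":"10.0.0.9"}',
    '{"event_type":"flow","src_ip":"10.0.0.77","dest_ip":"10.0.0.9","dest_port":443,"proto":"TCP","flow":{"bytes_toserver":100}}',
    'truncated line {',
])

def flows(text):
    """Yield (src, service, bytes_toserver) for each well-formed flow record."""
    for line in text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # eve.json can end in a partially written line
        if not isinstance(ev, dict) or ev.get("event_type") != "flow":
            continue  # alerts, dns, tls, ... are not part of this baseline
        service = (ev.get("dest_ip"), ev.get("dest_port"), ev.get("proto"))
        yield ev.get("src_ip"), service, ev.get("flow", {}).get("bytes_toserver", 0)

def build_baseline(text):
    """Per source host: the services it used and its largest upload per service."""
    base = {}
    for src, service, nbytes in flows(text):
        per_host = base.setdefault(src, {})
        per_host[service] = max(per_host.get(service, 0), nbytes)
    return base

def find_anomalies(base, text, factor=10):
    """Return (src, reason) for flows that deviate from this network's baseline."""
    out = []
    for src, service, nbytes in flows(text):
        if src not in base:
            out.append((src, "unknown-host"))
        elif service not in base[src]:
            out.append((src, "new-service"))
        elif nbytes > factor * base[src][service]:
            out.append((src, "volume"))
    return out
```

The baseline should come from a period of traffic you have reviewed and consider normal for your nodes; anything already present in that period will not be flagged later.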
