Topics tagged under "ids"

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you may not be able to execute some actions.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

B

Suricata Fast.log, but in JSON?
General Discussion • suricata ids • • BurningJenkinsContainer

4

0
Votes

4
Posts

34
Views

B

Found an answer, took me long enough given it was right in front of me the whole time... On Line 60 in the YAML, you can disable Stats - that probably cuts down 80% of the garbage data in EVE. You can further disable logging (in EVE) under metadata for DNS, TLS, TCP, HTTP, etc. -- YMMV, but I feel keeping that stuff is fine since you can filter it out using something like Kibana or Splunk readily.
H

Is cloning pfSense a good idea?
Installation and Upgrades • ids cloning • • hannes.hutmacher

3

0
Votes

3
Posts

62
Views

R

@hannes-hutmacher I think will be better if you save your config to xml file and then make fresh install including xml import option. Please see https://docs.netgate.com/pfsense/en/latest/backup/index.html

Suricata Fast.log, but in JSON? General Discussion • suricata ids • • BurningJenkinsContainer

Is cloning pfSense a good idea? Installation and Upgrades • ids cloning • • hannes.hutmacher

Suricata Fast.log, but in JSON?
General Discussion • suricata ids • • BurningJenkinsContainer

Is cloning pfSense a good idea?
Installation and Upgrades • ids cloning • • hannes.hutmacher