Setting up Suricata
New to this concept of pfSense, Suricata etc etc
Great source of info here, but am struggling to understand the concept. Please can someone help me?
I have setup pfsense andit is working great. I now introduced Suricata to it. All traffic going though seems to be blocked. Here is what I have done so far:
I started adding entries to the SID Management for some of the repeating messages.
I also started to create Firewall Aliases for known services like Apple (22.214.171.124/24), Some Microsoft and some others.
Now, question I have is, is this how this thing works? Do I have to keep adding IP addresses to aliases? Are there any lists available readily?
Or am I going completely wrongway?
Thanks for your help.