Setting up Suricata
bodhi last edited by
New to this concept of pfSense, Suricata, etc.
Great source of info here, but I am struggling to understand the concept. Please can someone help me?
I have set up pfSense and it is working great. I have now introduced Suricata to it. All traffic going through seems to be blocked. Here is what I have done so far:
I started adding entries to the SID Management for some of the repeating messages.
I also started to create Firewall Aliases for known services like Apple (188.8.131.52/24), some Microsoft and some others.
Now, the question I have is: is this how this thing works? Do I have to keep adding IP addresses to aliases? Are there any lists readily available?
Or am I going completely the wrong way?
Thanks for your help.