anomaly traffic detection in suricata
-
Hi guys.
I use Suricata on pfSense as an IDS/IPS and it is working without any problem.
This Suricata only gets custom rules and a database of rules for detecting bad traffic on the network between some nodes.
How can I use and configure Suricata as an Anomaly Traffic Detection IDS/IPS?
-
@umm12 said in anomaly traffic detection in suricata:
How can I use and configure Suricata as an Anomaly Traffic Detection IDS/IPS?
The problem is there is no standard anomaly traffic... what might be anomaly traffic to you might also be okay traffic for me. In other words, you have to define anomaly traffic for your network as the network administrator.
So, I'll share this thread that has helped me and others set up Suricata, with a warning that it's a very long thread: https://forum.netgate.com/topic/70170/taming-the-beasts-aka-suricata-blueprint?_=1632087648731
Good Luck.