pfsense:suricata:about_suricata
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| pfsense:suricata:about_suricata [2021/01/15 01:20] – created peter | pfsense:suricata:about_suricata [2021/07/20 11:39] (current) – [NSM (Network Security Monitoring)] peter | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== PFSense - Suricata - About Suricata ====== | ====== PFSense - Suricata - About Suricata ====== | ||
| + | Suricata is an engine for... | ||
| + | |||
| + | * Network Intrusion Detection | ||
| + | * Network Intrusion Prevention | ||
| + | * Network Security Monitoring | ||
| + | |||
| + | ==== IDS (Intrusion Detection System) ==== | ||
| + | |||
| + | * Passive | ||
| + | * Out of line | ||
| + | * On tap or span port | ||
| + | |||
| + | ==== IPS (Intrusion Prevention System) ==== | ||
| + | |||
| + | * Active | ||
| + | * Inline | ||
| + | * Router or bridge | ||
| + | |||
| + | ==== NSM (Network Security Monitoring) ==== | ||
| + | |||
| + | * Not ‘just’ generating alerts, but also informational events like HTTP requests, TLS transfers, etc | ||
| + | * Full Packet Capture (FPC) for being able to dig deep into traffic if necessary | ||
| + | * Produces LOTS of data | ||
| + | |||
| + | ---- | ||
| + | |||
| + | ===== References ===== | ||
| + | |||
| + | https:// | ||
pfsense/suricata/about_suricata.1610673650.txt.gz · Last modified: 2021/01/15 01:20 by peter