Wiki

User Tools

Site Tools

Trace: add_route configure_banners
pfsense:suricata

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
pfsense:suricata [2021/01/15 01:20] peterpfsense:suricata [2021/07/20 11:39] (current) peter
Line 1: Line 1:
 ====== PFSense - Suricata ====== ====== PFSense - Suricata ======
  
-Suricata is an engine for...+See [[IDS:Suricata|Suricata]]
  
-  * Network Intrusion Detection +----
-  * Network Intrusion Prevention +
-  * Network Security Monitoring+
  
-==== IDS (Intrusion Detection System) ==== 
  
-  * Passive +===== Suricata in pfSense =====
-  * Out of line +
-  * On tap or span port+
  
-==== IPS (Intrusion Prevention System====+The GUI code for Suricata is all written in PHP. All that PHP code does is provide a fancy user interface for choosing parameters which populate the suricata.yaml configuration file that the Suricata binary needs to run. All of the "brains" of packet inspection and rule signatures lives within the binary. The binary is designed to be completely command-line driven, and a simple text configuration file (suricata.yamltells the binary how to behave. So the Suricata package in pfSense consists of two parts: (1) the Suricata binary piece; and (2) a GUI piece to aid the user in choosing appropriate parameter settings for the suricata.yaml text configuration file.
  
-  * Active +All of the PHP code lives in /usr/local/pkg/suricata and /usr/local/www/suricata. Liberal with comments throughout the code base. That should help you follow the logic. The file names (especially in the www sub-directoryare descriptive of the function of the file. For exampleyou will find at least one PHP file responsible for displaying and handling user interaction for each tab in the GUI.
-  * Inline +
-  * Router or bridge +
- +
-==== NSM (Network Security Monitoring==== +
- +
-  * Not ‘just’ generating alertsbut also informational events like HTTP requests, TLS transfers, etc +
-  * Full Packet Capture (FPC) for being able to dig deep into traffic if necessary +
-  * Produces LOTS of data+
  
 ---- ----
  
-[[PFSense:Suricata:About Suricata|About Suricata]] +===== References =====
- +
-[[PFSense:Suricata:Alerts|Alerts]] +
- +
-[[PFSense:Suricata:Custom Rules|Custom Rules]] +
- +
-[[PFSense:Suricata:Install Suricata|Install Suricata]] +
- +
-[[PFSense:Suricata:Pass Lists|Pass Lists]] +
- +
-[[PFSense:Suricata:Snort Rules|Snort Rules]] +
- +
-[[PFSense:Suricata:Suppress|Suppress]] +
- +
-[[PFSense:Suricata:Troubleshooting|Troubleshooting]] +
- +
-[[PFSense:Suricata:WAN or LAN|WAN or LAN]] +
  
 +https://forum.netgate.com/topic/136729/suricata-cannot-change-home-net-list/9
pfsense/suricata.1610673638.txt.gz · Last modified: 2021/01/15 01:20 by peter
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki