====== PFSense - Suricata - Install Suricata - Configure Global Settings ======

===== Enable Rule Download =====

Enter settings to download Snort and ET rules.

Navigate to **Services -> Suricata -> Global Settings**.

In **Please Choose The Type Of Rules You Wish To Download**:

  * Install ETOpen Emerging Threats rules:  **Checked**.
  * Install ETPro Emerging Threats rules:  **Not Checked**.
  * ETPro Subscription Configuration Code:  **<blank>**.
  * Install Snort rules:  **Checked**.
  * Snort Rules Filename:  **snortrules-snapshot-29170.tar.gz**.
  * Snort Oinkmaster Code:  **Set this to your personal Oinkmaster Code obtained from your snort account page**.
  * Install Snort GPLv2 Community rules:  **Checked**.
  * Hide Deprecated Rules Categories:  **Not Checked**.

{{:pfsense:suricata:install_suricata:pfsense_-_services_-_suricata_-_global_settings_-_please_choose_the_type_of_rules_you_wish_to_download.png?800|}}

<WRAP info>
**NOTE:**  Obtain the Oinkcode by logging into [[https://www.snort.org|Snort]].  Register a free account if needed.

Once logged in, click on your login email address, and go the the Oinkcode option.  Generate a new code if needed.

{{:pfsense:suricata:install_suricata:snort_-_login.png?400|}}

</WRAP>

----

In **Rules Update Settings**:

  * Update Interval:  **6 Hours**.
  * Update Start Time:  **00:10**.  The default.
  * Live Rule Swap on Update:  **Checked**.
  * GeoLite2 DB Update:  **Checked**.
  * GeoLite2 DB License Key:  **Enter your personal MaxMind GeoLite2 DB key**.

{{:pfsense:suricata:install_suricata:pfsense_-_services_-_suricata_-_global_settings_-_rules_update_settings.png?800|}}

<WRAP info>
**NOTE:**  Obtain the GeoLite key by logging into [[https://www.maxmind.com|Maxmind]].  Register a free account if needed.

Once logged in, click on your **Services -> My License Key**.  Generate a new code if needed.
</WRAP>


----

In **General Settings**:

  * Remove Blocked Hosts Interval:  **1 Hour**
  * Log to System Log:  **Not Checked**.
  * Keep Suricata Settings After Deinstall:  **Checked**.

{{:pfsense:suricata:install_suricata:pfsense_-_services_-_suricata_-_global_settings_-_general_settings.png?800|}}

----

===== Manually update the rules =====

Navigate to **Services -> Suricata -> Updates**.

Click **Update**.

{{:pfsense:suricata:pfsense_-_services_-_suricata_-_updates.png?800|}}

----

Return to [[PFSense:Suricata:Install Suricata]] or continue to [[PFSense:Suricata:Install Suricata:Create Suppress Lists|Create Suppress Lists]].

----

===== References =====

https://www.snort.org

https://www.maxmind.com