PFSense - Suricata - Install Suricata
There are multiple parts to this:
Create Lists
Create a Pass List
Navigate to Services → Suricata → Pass List.
ALERT: DO NOT CREATE A PASS LIST!!!
Realistically, about the only time that you should require a Passlist is if you are running a honeypot host and you actually want bad stuff to find its way to that host.
In that situation, a passlist makes sense.
For about any other case, it does not.
Use custom PASS rules instead if you really need passlist functionality.
Create a Suppress List
A suppress list is used to suppress certain Snort and ET signatures, since initially there are a bunch of false positives.
This is accomplished under Services → Suricata → Suppress.
NOTE: This shows a suppresslist named WANSuppressList.
In order for this specific list to be used:
- Navigate to Services → Suricata → Interfaces.
- Edit the specific interface; in this example WAN.
- Within WAN Settings, go to Alert Suppression and Filtering and select this suppresslist.
- Click Save.
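What suppress list entries and a custom PASS rule can look like, as an added example that is not part of the original page. The signature IDs (9000001, 9000002, 1000001) and the addresses (RFC 5737 documentation ranges) are constructed placeholders; take the real gen_id and sig_id values from the alerts you want to silence.

```conf
# ---- Suppress list entries (Suricata threshold.config syntax) ----

# Broad: silences this signature for ALL hosts on the interface.
# Only use this when the signature is noise everywhere.
suppress gen_id 1, sig_id 9000001

# Scoped: silences the signature only when the SOURCE is one known host,
# so the same signature still alerts for every other source.
suppress gen_id 1, sig_id 9000002, track by_src, ip 192.0.2.10

# Scoped by destination subnet instead of a single source.
suppress gen_id 1, sig_id 9000002, track by_dst, ip 198.51.100.0/24

# ---- Custom PASS rule (instead of a Pass List) ----

# Passes only one flow: a single source host to one server on TCP 443.
# Everything else from that host is still inspected, which a Pass List
# entry for the whole IP would not do.
# sid 1000001 is in the range conventionally used for local rules.
pass tcp 192.0.2.10 any -> 198.51.100.20 443 (msg:"LOCAL pass trusted host to web server"; sid:1000001; rev:1;)
```

Prefer the scoped `track by_src` / `track by_dst` forms over the broad form so a false positive from one host does not hide real alerts from others.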
Rule categories
Choose what rule categories to enable:
Navigate to Services → Suricata → Interfaces → WAN Categories.