Wiki

User Tools

Site Tools

Trace: enable_network_config_autostart pawn_hash_table dnsmasq waf_web_application_firewall move_generation disable_guest_autostart_on_boot create_permanent_network_config magic_bitboards zobrist_hashing install_suricata
pfsense:suricata:install_suricata

This is an old revision of the document!

Table of Contents

PFSense - Suricata - Install Suricata

There are multiple parts to this:

  1. Install the Suricata Package
  2. Configure Global Settings
  3. Create Suppress Lists
  4. Have Suricata Monitor the WAN Interface

Created a suppress list

To suppress certain snort and ET signatures since initially there a bunch of False Positives.

This is accomplished under Services → Suricata → Suppress.

NOTE: This shows a suppresslist named WANSuppressList.

In order for this specific list to be used:

  • Navigate to Services → Suricata → Interfaces.
  • Edit the specific interface; in this example WAN.
  • Within WAN Settings, go to Alert Suppression and Filtering and select this suppresslist.
  • Click Save.

Rule categories

Choose what rule categories to enable:

Navigate to Services → Suricata → Interfaces → WAN Categories.

pfsense/suricata/install_suricata.1611318159.txt.gz · Last modified: 2021/01/22 12:22 by peter
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki