Difference between revisions of "HowTo Setup Suricata - A Simple Live Configuration"

Revision as of 12:09, 24 April 2024

Overview

Suricata (https://oisf.net/) is a multi-threaded intrusion detection/prevention engine. This page shows how to configure Suricata to "run in pcap live mode" and generate alerts from a single ICMP Ping rule.

Configuration - Rule File

We will create a simple rule file for ICMP detection in the directory "/opt", named "icmp.rules". The file contains one rule that alerts on any IP packet whose protocol is ICMP, in either direction, and tags it with signature id 1000001:

[root@probe tmp]# cat /opt/icmp.rules
alert ip any any <> any any (msg: "ICMP Ping"; ip_proto: icmp; sid: 1000001;)
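A hand-written rule file is easy to get subtly wrong (an option missing its trailing ";", a sid reused from another file), and Suricata only tells you at load time. Suricata's own check is its test mode, `suricata -T -c <suricata.yaml> -S /opt/icmp.rules`. The following Python script is an added example written for this page, not code from the NST wiki or the Suricata project: it parses each rule into its header fields and options the way the page's rule is laid out, and reports the common mistakes (unparseable header, unterminated option, missing msg, missing or non-numeric sid, duplicate sid) before the file is handed to Suricata. The sample rule text embedded in it is constructed for the example; it reuses the page's rule and adds a second rule that deliberately repeats sid 1000001 so the duplicate check has something to report.

```python
"""Offline lint for a Suricata rule file (added example; not the NST wiki's or Suricata's code).

Suricata's own validation is `suricata -T -c <suricata.yaml> -S <rules file>`; this is a
lighter, dependency-free pre-check for hand-written files such as /opt/icmp.rules.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample for this example: the page's rule, plus a second rule that
# reuses sid 1000001 so the duplicate-sid check reports it.
SAMPLE_RULES = """\
# constructed sample (not a real /opt/icmp.rules)
# second rule below deliberately reuses sid 1000001
alert ip any any <> any any (msg: "ICMP Ping"; ip_proto: icmp; sid: 1000001;)
alert icmp any any -> $HOME_NET any (msg:"ICMP echo request"; itype:8; sid:1000001; rev:1;)
"""

VALID_ACTIONS = {"alert", "pass", "drop", "reject", "rejectsrc", "rejectdst", "rejectboth"}

# Rule header layout: action proto src sport direction dst dport (options)
HEADER_RE = re.compile(
    r"^(?P<action>\S+)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<direction>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<options>.*)\)\s*$"
)


@dataclass
class Rule:
    lineno: int
    action: str
    proto: str
    src: str
    sport: str
    direction: str
    dst: str
    dport: str
    options: dict[str, str | None]  # repeated keys (e.g. several content:) collapse; fine for this lint

    @property
    def sid(self) -> int | None:
        value = self.options.get("sid")
        return int(value) if value is not None and value.isdigit() else None


def split_options(text: str) -> dict[str, str | None]:
    """Split 'key:value; flag; ...' on ';' while ignoring ';' inside double-quoted values."""
    options: dict[str, str | None] = {}
    buf: list[str] = []
    in_quotes = escaped = False
    for ch in text:
        if escaped:                      # character after a backslash inside quotes
            buf.append(ch)
            escaped = False
            continue
        if ch == "\\" and in_quotes:
            escaped = True
            buf.append(ch)
            continue
        if ch == '"':
            in_quotes = not in_quotes
        if ch == ";" and not in_quotes:  # end of one option
            token = "".join(buf).strip()
            buf = []
            if token:
                key, _, value = token.partition(":")
                options[key.strip()] = value.strip() or None
            continue
        buf.append(ch)
    if "".join(buf).strip():             # text left over means the final ';' was forgotten
        raise ValueError("last option is not terminated by ';'")
    return options


def parse_rule(line: str, lineno: int) -> Rule:
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError(f"line {lineno}: header does not match 'action proto src sport dir dst dport (options)'")
    g = m.groupdict()
    try:
        options = split_options(g["options"])
    except ValueError as exc:
        raise ValueError(f"line {lineno}: {exc}") from None
    return Rule(lineno, g["action"], g["proto"], g["src"], g["sport"],
                g["direction"], g["dst"], g["dport"], options)


def lint_rules(text: str) -> tuple[list[Rule], list[str]]:
    """Return (parsed rules, list of problem strings) for a whole rule file."""
    rules: list[Rule] = []
    problems: list[str] = []
    seen_sids: dict[int, int] = {}       # sid -> line where first seen
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            rule = parse_rule(line, lineno)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        rules.append(rule)
        if rule.action not in VALID_ACTIONS:
            problems.append(f"line {lineno}: unknown action '{rule.action}'")
        if "msg" not in rule.options:
            problems.append(f"line {lineno}: rule has no msg")
        if rule.sid is None:
            problems.append(f"line {lineno}: sid missing or not an integer")
        elif rule.sid in seen_sids:
            problems.append(f"line {lineno}: sid {rule.sid} already used on line {seen_sids[rule.sid]}")
        else:
            seen_sids[rule.sid] = lineno
    return rules, problems


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_RULES
    parsed, found = lint_rules(text)
    for r in parsed:
        print(f"line {r.lineno}: {r.action} {r.proto} {r.src}:{r.sport} {r.direction} {r.dst}:{r.dport} sid={r.sid}")
    for p in found:
        print("PROBLEM:", p)
    sys.exit(1 if found else 0)
```

Run it as `python3 lint_rules.py /opt/icmp.rules` (the script name is arbitrary); with no argument it lints the embedded sample and flags the repeated sid. Keeping sids unique matters beyond load errors: the sid is what you will key on when filtering or correlating the resulting alerts, so two rules sharing one are indistinguishable downstream.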