
Author Topic: Setting up Suricata  (Read 101 times)


bodhi
Setting up Suricata
« on: November 30, 2017, 11:37:38 am »
Greetings

New to this concept of pfSense, Suricata etc etc

Great source of info here, but am struggling to understand the concept. Please can someone help me?

I have set up pfSense and it is working great. I have now introduced Suricata to it. All traffic going through seems to be blocked. Here is what I have done so far:

I started adding entries to the SID Management for some of the repeating messages.
I also started to create Firewall Aliases for known services like Apple (17.0.0.0/24), Some Microsoft and some others.

Now, the question I have is: is this how this thing works? Do I have to keep adding IP addresses to aliases? Are there any lists readily available?

Or am I going about this completely the wrong way?

Thanks for your help.