Network intrusion detection alerts you to suspicious traffic within your network that may indicate a security breach, policy violation, or insecure software. Suricata is a popular open-source network intrusion detection system (NIDS) that can also be used for network intrusion prevention (NIPS) and is used in a number of commercial cybersecurity products.
In this video I'll show you how to install Suricata on Ubuntu or Rocky Linux*, perform basic configuration, and tweak the rulesets to successfully identify malicious activity whilst minimising false positive alerts.
*Rocky's instructions also apply to AlmaLinux, Red Hat Enterprise Linux, Oracle Linux, and CentOS.
Follow-up: Visualise Suricata Data
• Visualising Network Threats
Suricata Website
https://suricata.io/
Suricata Documentation
https://suricata.readthedocs.io/en/la...
testmynids.org GitHub
https://github.com/3CORESec/testmynid...
Follow Me
/ andrewmrquinn
Video timestamps:
0:00 Introduction
0:22 Intrusion Detection Vs Intrusion Prevention
1:09 Suricata Introduction
2:15 Installing Suricata on Ubuntu & Rocky Linux
4:17 Configuring Suricata
7:12 Enabling Automatic Rule Updates
8:14 Mirroring Network Traffic to Suricata
9:15 Testing Suricata & Viewing Alerts
11:18 Reducing False Positives: Disable Rules
13:48 Reducing False Positives: Suppression Rules
15:51 Managing Log File Rotation
The Pro Tech Show provides tech, tips, and advice for IT pros and decision-makers.