
  1. E

    Do I need Suricata to protect Proxmox VE host?

    Hello all, I maybe have a stupid question, but still... I have the following setup: 1 Dedicated Server with 2 Public IPs from Hetzner with Proxmox 8.0 installed on it. 1st IP is for Proxmox itself, the 2nd IP is used by my 1st VM - OPNSense, which is acting as a router and firewall for all...
  2. A

    How to integrate Suricata in Proxmox VE to intercept malicious traffic

    Hello everyone, I am a Suricata beginner, and I hope to run Suricata as an IPS to intercept malicious traffic. My deployment method is as follows: apt-get -y install suricata jq modprobe nfnetlink_queue echo "nfnetlink_queue" > /etc/modules-load.d/nfnetlink_queue.conf sed -i 's/interface...
  3. J

    [SOLVED] OPNSense VM with Suricata IPS service crashes [how-to-fix]

    This how-to-fix post is to inform people on how Suricata crashes with OPNSense on Proxmox (any version) can be remediated. The advisories here may not be suitable for production environments, I trust you know this already. Context VM-hardware has Q35 chipset and uses virtio network interfaces...
  4. R

    Suricata limiting my network speed in pfSense

    I am running the latest pfSense (2.4.5 p1). I have a fiber gigabit connection to the internet and my NICs are 1gb. When I install Suricata and turn it on, it reduces my speeds to 280mb/s. That is a 72% drop in speed. I have turned off the detection rules, changed the modes, and none of it changes...
  5. M

    Setting up NIDS in VE, where to put it in architecture and how to redirect all traffic from/to Snort/Suricata

    Hello all, I want to deploy snort in my VE, but I wonder what is the best approach to do that. First idea is to deploy a VM with snort or something similar like suricata, but the real problem is ... how to redirect all traffic from NIC, VE from/to snort. I imagine it like this: vmbrX <-->...
  6. C

    Suricata with NFQ (using Suricata IDS/IPS after host pve firewall)

    Hi, I'm trying to get suricata working with pve firewall at host level, but it won't work like I want. At the moment both are working, but in my opinion in the wrong order. Cause it looks like suricata is acting before the pve firewall, which is not right for me cause it only should detect and...
  7. M

    Suricata IDS not getting external requests

    Hello, I managed to correctly configure the firewall with Proxmox 4.4 and its integration with Suricata (using this wiki page : I enabled the HTTP log in Suricata, but I only see inter-vm communications, and not the incoming requests...