suricata

Hello all, I maybe have a stupid question, but still... I have the following setup: 1 Dedicated Server with 2 Public IPs from Hetzner with Proxmox 8.0 installed on it. 1st IP is for Proxmox itself, the 2nd IP is used by my 1st VM - OPNSense, which is acting as a router and firewall for all...

Hello everyone, I am a beginner Suricata, and I hope to run Suricata as an IPS to intercept malicious traffic. My deployment method is as follows: apt-get -y install suricata jq modprobe nfnetlink_queue echo "nfnetlink_queue" > /etc/modules-load.d/nfnetlink_queue.conf sed -i 's/interface...

This how-to-fix post to inform people on how Suricata crashes with OPNSense on Proxmox (any version) can be remediated. The advisories here may not be suitable for production environments, I trust you know this already. Context VM-hardware has Q35 chipset and uses virtio network interfaces...

I am running the latest pfSense (2.4.5 p1) I have a fiber gigabit connection to the internet and my nics are 1gb. When I install Suricata and turn it on It reduces my speeds to 280mb/s. That is a 72% drop in speed. I have turned off the detection rules, changed the modes, and none of it changes...

Hello all, I want deploy snort in my VE, but i wounder what is the beast approach to do that. First idea is deploy vm with snort or something similar like suricata, but the real problem is ... how to redirect all traffic from NIC, VE from/to snort. I imagine it like this: vmbrX <-->...

Hi, I'm trying to get suricata working with pve firewall at host level, but it won't work like i want. At the moment both is working but for my opinion in the wrong order. Cause it looks like suricata is acting before the pve firewall which is not right for me causeit only should detect and...

Hello, I managed to correctly configure the firewall with Proxmox 4.4 and its integration with Suricata (using this wiki page : https://pve.proxmox.com/wiki/Firewall#_tips_and_tricks). I enabled the HTTP log in Suricata, but I only see inter-vm communications, and not the incoming requests...