Wouldn't it be better to use something in a VM that actually officially supports Suricata and has it already tightly integrated, like Security Onion or OPNsense?
Your customer doesn't have to install anything inside a VM. I thought more of a single VM as part of the server infrastructure that you put as a gateway/firewall between the internet and all of the clients' VMs.
And you can configure Suricata using the OPNsense web UI. There is also a checkbox to switch between intrusion detection and intrusion prevention mode. Suricata IDS as part of OPNsense is working fine here in a VM with 4 GB RAM.