tips:suricata-eve-unixsocket
Differences
This shows you the differences between two versions of the page.
tips:suricata-eve-unixsocket [2020/08/27 18:53] – [4. Starting Suricata] navaneeth | tips:suricata-eve-unixsocket [2020/09/10 16:28] – [2. Installing Suricata version 5.0] veera | ||
Line 1: | Line 1: | ||
====== Suricata-EVE-Unixsocket ====== | ====== Suricata-EVE-Unixsocket ====== | ||
- | This article | + | This article |
- | + | ||
- | ** | + | |
- | To create a threat signatures that will turn into a powerful frontline alert monitoring system for any enterprise.Usually | + | |
- | ** | + | |
{{: | {{: | ||
===== Installation ===== | ===== Installation ===== | ||
- | ==== 1. Installing Suricata ==== | + | ==== 1. Installing Suricata |
* You can install the app by logging in as admin and selecting //Web Admin > Manage > Apps > Suricata via Eve Unixsocket// | * You can install the app by logging in as admin and selecting //Web Admin > Manage > Apps > Suricata via Eve Unixsocket// | ||
Line 16: | Line 12: | ||
{{: | {{: | ||
- | * Please install Suricata by running the following command, | + | ==== 2. Installing Suricata version 5.0 ==== |
+ | Please install Suricata by running the following command, | ||
< | < | ||
Line 24: | Line 21: | ||
</ | </ | ||
- | ==== 2. Installing Emerging Threat Rules ==== | + | |
+ | ===== Updating with latest ruleset ===== | ||
+ | |||
+ | Use the following command to update the latest emerging-threats ruleset | ||
+ | |||
+ | < | ||
+ | |||
+ | suricata-update puts the combined rules in ''/ | ||
+ | |||
+ | < | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ==== 3. Installing Emerging Threat Rules 5.0 ==== | ||
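Review bot: the new "Updating with latest ruleset" block is added as a level-2 heading (`===== ... =====`) between the level-3 numbered steps "2. Installing Suricata version 5.0" and "3. Installing Emerging Threat Rules 5.0", so it drops out of the numbered installation sequence and, read top to bottom, has the reader run suricata-update before the rules step that follows it. Suggest making it `==== ... ====` and placing it after step 3, where it takes over from the old "5. Updating with latest rules" section removed further down, and checking the sentence "suricata-update puts the combined rules in ''/", whose path is cut off in this revision. The run of empty "+ |" lines after the second code block also adds nothing and can go.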
Line 35: | Line 49: | ||
</ | </ | ||
- | <note important> | + | <note important> |
- | ==== 3. Enabling | + | ==== 4. Enabling |
Line 49: | Line 63: | ||
</ | </ | ||
< | < | ||
- | |||
- | * And, also disable the ' | ||
- | |||
- | < | ||
- | # a line based alerts log similar to Snort' | ||
- | - fast: | ||
- | enabled: no | ||
- | filename: fast.log | ||
- | append: yes | ||
- | #filetype: regular # ' | ||
| | ||
- | ==== 4. Starting Suricata ==== | + | ==== 5. Starting Suricata ==== |
* Login as Admin and Select Admin Tasks. | * Login as Admin and Select Admin Tasks. | ||
* Click on 'More options' | * Click on 'More options' | ||
* You will find a Dialog box with command line to install Suricata as below. | * You will find a Dialog box with command line to install Suricata as below. | ||
+ | * Cut and paste the command shown into a terminal to start suricata | ||
< | < | ||
</ | </ | ||
- | <note important> | + | {{:app: |
- | + | {{: | |
- | {{:tips:suricata-alert.png? | + | |
- | + | ||
- | ==== 5. Updating with latest rules ==== | + | |
- | + | ||
- | If you have already installed suricata and you want to update with the latest rules. Use the following command. | + | |
- | + | ||
- | < | + | |
- | + | ||
+ | ==== 6. Viewing Alerts ==== | ||
+ | {{: | ||
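Review bot: the step that disabled the fast output in suricata.yaml (the "- fast:" block with "enabled: no", the "- |" lines directly after the "Line 49: | Line 63:" header) is removed with nothing replacing it. If that is intentional the new revision should say so, because with the fast output left at its default Suricata keeps writing every alert to fast.log alongside the EVE output this app reads, so alert data is duplicated on disk; otherwise restore the step under "4. Enabling". Removing the old "5. Updating with latest rules" section at the end of this hunk is fine given the ruleset section added above.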
tips/suricata-eve-unixsocket.txt · Last modified: 2020/09/28 17:22 by navaneeth