Network intrusion detection with Suricata

A network intrusion detection system (NIDS) alerts you to suspicious traffic within your network that could indicate a security breach, a policy violation, or unsafe software. Suricata is a popular open-source NIDS that can also run inline as an intrusion prevention system (IPS), dropping matching traffic rather than only alerting on it, and it is embedded in a number of commercial cybersecurity products.
In this video I show you how to install Suricata on Ubuntu or Rocky Linux*, perform the basic configuration, and customize the rule sets to successfully identify malicious activity while minimizing false positive alerts.

*Rocky's instructions also apply to AlmaLinux, Red Hat Enterprise Linux, Oracle Linux, and CentOS.

Follow-up: Visualize Suricata data
https://youtu.be/KWEWU_pItyg

Suricata website
https://suricata.io/

Suricata documentation
https://suricata.readthedocs.io/en/latest/index.html

testmynids.org GitHub
https://github.com/3CORESec/testmynids.org

*Follow me*
https://twitter.com/AndrewMRQuinn

Video timestamps:
0:00 – Introduction
0:22 – Intrusion detection versus intrusion prevention
1:09 – Suricata introduction
2:15 – Installing Suricata on Ubuntu and Rocky Linux
4:17 – Configure Suricata
7:12 – Enable automatic rule updates
8:14 – Mirroring network traffic to Suricata
9:15 – Test Suricata and review alerts
11:18 – Reducing false positives: disabling rules
13:48 – Reducing false positives: suppression rules
15:51 – Manage log file rotation
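The tuning steps listed above (test Suricata and review alerts, disable rules, suppression rules) as an added worked example. This is not code from the video or from the Suricata project. It assumes the default package paths on Ubuntu and Rocky (/etc/suricata/disable.conf, read by suricata-update; /etc/suricata/threshold.config, read by Suricata when rules load; /var/run/suricata.pid) and the fast.log line format. The log lines inside it are constructed: sid 2100498 is the real ET rule that the testmynids.org check fires, the other sid and all addresses are illustrative.

```shell
#!/bin/sh
# Added example (not from the video or the Suricata project): rank fast.log
# alerts by signature id, list the hosts behind a noisy sid, and generate
# entries for the two tuning files: disable.conf (rule removed entirely by
# suricata-update) and threshold.config (rule kept, but silenced or rate
# limited for specific hosts). Paths are the package defaults; adjust if needed.
set -eu

# Constructed sample of /var/log/suricata/fast.log lines (not real traffic).
# 2100498 is the rule the testmynids.org check triggers; 2210020 and the
# addresses are made up for the sample.
SAMPLE_FAST_LOG='01/15/2024-10:23:45.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.10:80 -> 10.0.0.5:51234
01/15/2024-10:24:01.000001  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.10:80 -> 10.0.0.6:51235
01/15/2024-10:24:09.000002  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.10:80 -> 10.0.0.5:51236
01/15/2024-10:25:00.000003  [**] [1:2210020:2] SURICATA STREAM ESTABLISHED packet out of window [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.0.0.7:443 -> 10.0.0.5:44444'

# Rank signatures by alert count, busiest first: prints "sid count".
# fast.log carries the signature as "[gid:sid:rev]".
top_sids() {
    sed -n 's/^.*\[\([0-9]\{1,\}\):\([0-9]\{1,\}\):\([0-9]\{1,\}\)\].*$/\2/p' \
        | sort | uniq -c | sort -rn | awk '{ print $2, $1 }'
}

# Unique IPv4 addresses seen for one sid on one side ("src" or "dst"), so a
# suppression can be scoped with track by_src / by_dst instead of a disable.
hosts_for_sid() {
    sid=$1; side=$2
    sed -n "/\[[0-9]\{1,\}:${sid}:[0-9]\{1,\}\]/s/^.*} \([0-9.]\{1,\}\):[0-9]\{1,\} -> \([0-9.]\{1,\}\):[0-9]\{1,\}\$/\1 \2/p" \
        | awk -v side="$side" '{ if (side == "src") print $1; else print $2 }' | sort -u
}

# disable.conf: one entry per line, a bare sid or "re:<regex>" matched
# against the rule text. suricata-update drops matching rules on its next run.
write_disable_conf() {
    out=$1; shift
    {
        echo "# Rules removed entirely; regenerate suricata.rules with: suricata-update"
        for entry in "$@"; do echo "$entry"; done
    } > "$out"
}

# threshold.config "suppress": keep the rule but never alert for this network.
append_suppress() {
    out=$1; sid=$2; track=$3; cidr=$4
    case "$track" in
        by_src|by_dst) ;;
        *) echo "track must be by_src or by_dst" >&2; return 1 ;;
    esac
    printf 'suppress gen_id 1, sig_id %s, track %s, ip %s\n' "$sid" "$track" "$cidr" >> "$out"
}

# threshold.config "threshold ... type limit": at most count alerts per
# seconds per tracked host, for rules that are useful but chatty.
append_limit() {
    out=$1; sid=$2; track=$3; count=$4; seconds=$5
    printf 'threshold gen_id 1, sig_id %s, type limit, track %s, count %s, seconds %s\n' \
        "$sid" "$track" "$count" "$seconds" >> "$out"
}

# Make edits take effect on a sensor (needs root): rebuild suricata.rules with
# disable.conf applied, validate config and rules, then live-reload rules.
apply_tuning() {
    suricata-update
    suricata -T -c /etc/suricata/suricata.yaml
    kill -USR2 "$(cat /var/run/suricata.pid)"
}

# Demo: uses the constructed sample, or a fast.log path given as $1, and
# writes the generated entries to a temporary directory rather than /etc.
main() {
    if [ "$#" -gt 0 ]; then alerts=$(cat "$1"); else alerts=$SAMPLE_FAST_LOG; fi
    workdir=$(mktemp -d)
    echo "== alerts by sid (sid count)"
    printf '%s\n' "$alerts" | top_sids
    echo "== destinations hit by sid 2100498"
    printf '%s\n' "$alerts" | hosts_for_sid 2100498 dst
    echo "== generated entries (copy into /etc/suricata/, then run apply_tuning)"
    write_disable_conf "$workdir/disable.conf" 2210020 're:SURICATA STREAM'
    append_suppress "$workdir/threshold.config" 2100498 by_dst 10.0.0.0/24
    append_limit "$workdir/threshold.config" 2100498 by_src 1 60
    cat "$workdir/disable.conf" "$workdir/threshold.config"
    rm -rf "$workdir"
}
main "$@"
```

Run it with no arguments to see the ranking and generated entries for the sample, or pass /var/log/suricata/fast.log to rank a real sensor's alerts. Prefer a suppression over a disable.conf entry when a rule is only noisy for known hosts (vulnerability scanners, monitoring systems): the rule keeps firing for everyone else, whereas a disabled rule is gone until you remove the entry and rerun suricata-update.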

The Pro Tech Show offers technology, tips and advice for IT professionals and decision makers.

Please take the opportunity to connect and share this video with your friends and family if you find it helpful.