In this video I show you how to install Suricata on Ubuntu or Rocky Linux*, perform the basic configuration, and customize the rule sets to successfully identify malicious activity while minimizing false positive alerts.
*Rocky's instructions also apply to AlmaLinux, Red Hat Enterprise Linux, Oracle Linux, and CentOS.
Follow-up: Visualize Suricata data
https://youtu.be/KWEWU_pItyg
Suricata website
https://suricata.io/
Suricata documentation
https://suricata.readthedocs.io/en/latest/index.html
testmynids.org GitHub
https://github.com/3CORESec/testmynids.org
*Follow me*
https://twitter.com/AndrewMRQuinn
Video timestamps:
0:00 – Introduction
0:22 – Intrusion detection versus intrusion prevention
1:09 – Suricata introduction
2:15 – Installing Suricata on Ubuntu and Rocky Linux
4:17 – Configure Suricata
7:12 – Enable automatic rule updates
8:14 – Mirroring network traffic to Suricata
9:15 – Test Suricata and review alerts
11:18 – Reducing false positives: disabling rules
13:48 – Reducing false positives: suppression rules
15:51 – Manage log file rotation
The Pro Tech Show offers technology, tips and advice for IT professionals and decision makers.
Please take the opportunity to connect and share this video with your friends and family if you find it helpful.