Suricata is the source for IDS alerting in RockNSM.
Intrusion Detection Systems (IDS) are a great way to quickly alert on known bad. Alerts are triggered when a packet matches a defined pattern or signature.
The Suricata service is configured and enabled on startup.
The newest versions of Suricata come with the suricata-update command to manage and update rulesets. The official documentation is found here.
Suricata is deployed as a systemd unit, called suricata. Normal systemd procedures apply here:
sudo systemctl start suricata
sudo systemctl status suricata
sudo systemctl stop suricata
sudo systemctl restart suricata
It can also be managed using the rockctl command.
/etc/suricata/ - configuration path
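An added example (not from the RockNSM documentation) that ties the pieces above together: it pulls new rules with suricata-update, runs Suricata's own configuration test (suricata -T) against the configuration under /etc/suricata/, and restarts the unit only if that test passes, so a bad rule download cannot leave the sensor down. The unit name (suricata) matches this page; the file name suricata.yaml is an assumption.

```shell
#!/bin/sh
# Added example, not RockNSM or Suricata project code.
# Assumptions: suricata, suricata-update and systemctl are on PATH and the
# script runs with the privileges the page's "sudo systemctl" commands need.
SURICATA_CONF="${SURICATA_CONF:-/etc/suricata/suricata.yaml}"  # assumed file name
SURICATA_UNIT="${SURICATA_UNIT:-suricata}"                      # unit named on this page

# Load the configuration and rules in test mode without starting capture.
# Returns 0 only when Suricata can parse everything it would load at startup.
validate_config() {
    suricata -T -c "$SURICATA_CONF" >/dev/null 2>&1
}

# Update rules, validate, then restart. Prints a one-word outcome and returns
# non-zero on the first failing step, leaving the running service untouched.
refresh_rules() {
    if ! suricata-update >/dev/null 2>&1; then
        echo "update-failed"
        return 1
    fi
    if ! validate_config; then
        echo "config-invalid"   # old rules stay loaded; nothing was restarted
        return 2
    fi
    if ! systemctl restart "$SURICATA_UNIT" >/dev/null 2>&1; then
        echo "restart-failed"
        return 3
    fi
    echo "restarted"
    return 0
}

# Run the procedure only when invoked as: sh refresh.sh run
case "${1:-}" in
    run) refresh_rules ;;
esac
```

Check the outcome with sudo systemctl status suricata afterwards, as shown above.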