suricata.yaml.txt (72.6 KB)
suricata-yaml
Successfully installed on Buster.
Suricata configs in yaml format (/etc/suricata/suricata.yaml)
I think it will work with python handlers/checkers.
Intrusion Detection System (IDS) - only detect
Intrusion Protection System (IPS) - firewall match pattern
Multi pattern match (mpm)
For set syntax, I see it:
set service detection engine ids
set service detection engine ids max-pending-packets
set service detection engine ids default-packet-size
set service detection engine ids thread-ratio
set service detection engine ids flow memcap
set service detection engine ids flow hash-size
set service detection engine ids profile (mpm|prefilter)
set service detection engine ids update-rules (update from internet with /usr/bin/suricata-update)
set service detection engine ips rule x action (pass|drop|reject|alert)
set service detection engine ips inspection-recursion-limit
set service detection engine ips mode accept
set service detection engine ips mode repeate
set service detection engine log
Filter
etc…
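An added example of the kind of Python checker the post has in mind (not code from the post or from VyOS): it validates values for several of the proposed `set service detection engine ...` leaves, checks that rule actions are one of pass/drop/reject/alert, and renders the accepted values into the nested structure of suricata.yaml. The CLI leaf names follow the proposal above, the suricata.yaml key paths are the real ones (max-pending-packets, default-packet-size, threading.detect-thread-ratio, flow.memcap, flow.hash-size, detect.inspection-recursion-limit), and the numeric limits are assumptions chosen for illustration.

```python
import re

def _int_range(lo, hi):
    def check(v):
        if not re.fullmatch(r"\d+", v) or not lo <= int(v) <= hi:
            raise ValueError(f"expected integer in [{lo}, {hi}], got {v!r}")
        return int(v)
    return check

def _memcap(v):
    # size style used by suricata.yaml memcaps, e.g. 128mb or 1gb
    if not re.fullmatch(r"\d+(kb|mb|gb)", v.lower()):
        raise ValueError(f"expected size like 128mb, got {v!r}")
    return v.lower()

# proposed CLI leaf -> (key path inside suricata.yaml, validator); limits are assumptions
NODES = {
    "ids max-pending-packets": (("max-pending-packets",), _int_range(1, 65534)),
    "ids default-packet-size": (("default-packet-size",), _int_range(64, 65535)),
    "ids thread-ratio": (("threading", "detect-thread-ratio"), lambda v: float(v)),
    "ids flow memcap": (("flow", "memcap"), _memcap),
    "ids flow hash-size": (("flow", "hash-size"), _int_range(1, 2**31 - 1)),
    "ips inspection-recursion-limit": (("detect", "inspection-recursion-limit"), _int_range(0, 100000)),
}
RULE_ACTIONS = ("pass", "drop", "reject", "alert")

def check_and_render(settings, rule_actions):
    """settings: {'ids flow memcap': '128mb', ...}; rule_actions: {sid: action}.
    Returns (nested dict ready for yaml.safe_dump, list of error strings)."""
    yaml_tree, errors = {}, []
    for leaf, value in settings.items():
        if leaf not in NODES:
            errors.append(f"unknown node {leaf!r}")
            continue
        path, validator = NODES[leaf]
        try:
            parsed = validator(value)
        except ValueError as e:
            errors.append(f"{leaf}: {e}")
            continue
        node = yaml_tree
        for key in path[:-1]:          # walk/create the nested sections
            node = node.setdefault(key, {})
        node[path[-1]] = parsed
    for sid, action in rule_actions.items():
        if action not in RULE_ACTIONS:
            errors.append(f"rule {sid}: action must be one of {RULE_ACTIONS}, got {action!r}")
    return yaml_tree, errors
```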