Intrusion Detection with Suricata | Blue Team Series with Hackersploit
- Published 14 Jun 2024
- In this episode of our Blue Team series with @HackerSploit we'll cover the process of installing, configuring, and using Suricata for Blue Team intrusion detection. Suricata is a free and open-source threat detection engine. It detects intrusions by combining IDS, IPS, and network security monitoring.
Chapters:
0:00 Introduction
1:33 What We’ll Be Covering
3:39 Prerequisites
3:47 Introduction to Suricata
6:31 How Does Suricata Work?
8:04 Where is Suricata Placed In a Network?
8:39 About our Lab Environment
9:30 Practical Demo
9:46 How to Download Suricata
11:33 How to Start Suricata
12:45 How to Configure Suricata
22:12 Specifying Your Own Sources
23:31 Adding Rulesets to Your Configuration
24:30 How to Test the Configuration File
25:52 Loading Suricata with the New Configuration
27:15 How to Run an Intrusion Test with Suricata
28:36 How to Check the Logs
29:10 How to Use Custom Rules
33:29 Examining Suricata Log Files
35:59 Integrating Suricata with Wazuh
50:49 Conclusion
I use Suricata for Windows servers, but it uses a lot of memory and disk space on my servers. When I try to configure it based on the documentation, the adjustments don't work.
I'm thinking about replacing it with Snort, what do you say?
How do I save the changes we made in the configuration, and how do I find the text?
If you're following the instructions in this video and using Vim, you can save the changes made to the configuration file by pressing "Esc" to exit "Insert" mode then ":w" to write your changes.
To search the file for specific text, you will use "/$word" then press the "return" or "enter" key. The example in the video is "/af-packet"
If you're unfamiliar with Vim, we suggest checking out these videos:
- th-cam.com/video/bR5bZriaOVU/w-d-xo.htmlsi=c2RKmH81QW0NXD9P
- th-cam.com/video/zE0hno3vV9M/w-d-xo.htmlsi=C8CE35M1BPPgMSry
Suricata logs on the Wazuh dashboard are not looking convincing and are more confusing.
Suricata or Snort?
I'm team Suricata.
How can Suricata work the same as Snort?
sudo snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i wlp0s20f3