Network Intrusion Detection with Suricata

Video description: Network Intrusion Detection with Suricata

Network intrusion detection alerts you to suspicious traffic within your network that may indicate a security breach, a policy violation, or insecure software. Suricata is a popular open-source network intrusion detection system (NIDS) that can also run inline as a network intrusion prevention system (NIPS), and it is embedded in a number of commercial cybersecurity products.
In this video I'll show you how to install Suricata on Ubuntu or Rocky Linux*, perform basic configuration, and tune the rulesets so that it identifies malicious activity whilst minimising false-positive alerts.

*The Rocky Linux instructions also apply to AlmaLinux, Red Hat Enterprise Linux, Oracle Linux, and CentOS.

Follow-Up: Visualise Suricata Data
📽️ Visualising Network Threats

🌐 Suricata Website
https://suricata.io/

📖 Suricata Documentation
https://suricata.readthedocs.io/en/la...

🌐 testmynids.org GitHub
https://github.com/3CORESec/testmynid...

💬 Follow Me
/andrewmrquinn

Video timestamps:
0:00 - Introduction
0:22 - Intrusion Detection Vs Intrusion Prevention
1:09 - Suricata Introduction
2:15 - Installing Suricata on Ubuntu & Rocky Linux
4:17 - Configuring Suricata
7:12 - Enabling Automatic Rule Updates
8:14 - Mirroring Network Traffic to Suricata
9:15 - Testing Suricata & Viewing Alerts
11:18 - Reducing False Positives: Disable Rules
13:48 - Reducing False Positives: Suppression Rules
15:51 - Managing Log File Rotation
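The two "Reducing False Positives" sections above come down to one recurring decision: for each noisy signature, do you silence one source with a threshold.config suppression, or stop loading the rule altogether via disable.conf? The script below is an added example (it is not code from the video or from the Suricata project) that reads eve.json alert lines and drafts that decision from the data. It assumes Suricata's default EVE alert layout (event_type, src_ip, alert.gid, alert.signature_id, alert.signature), the threshold.config `suppress` syntax from the Suricata documentation, and disable.conf as consumed by suricata-update (one sid per line). The sample events are constructed, not captured traffic; the two ET Open sid/signature pairs are used as realistic labels, and sid 1000001 is a hypothetical local rule.

```python
"""Triage Suricata EVE JSON alerts and draft false-positive tuning entries.

Added example for this page, not the video's or the Suricata project's code.
Assumes the default eve.json alert layout, the documented threshold.config
'suppress' syntax, and suricata-update's disable.conf (one sid per line).
"""
import json
from collections import Counter, defaultdict


def _eve_alert(ts, src, dst, sid, sig, gid=1):
    """Build one constructed eve.json alert line in Suricata's field layout."""
    return json.dumps({
        "timestamp": ts, "event_type": "alert", "src_ip": src, "dest_ip": dst,
        "proto": "TCP",
        "alert": {"gid": gid, "signature_id": sid, "rev": 1, "signature": sig,
                  "category": "Constructed sample", "severity": 3},
    })


# Constructed sample (not captured traffic). ET Open sids/names label the two
# realistic rules; sid 1000001 is a hypothetical local rule.
SAMPLE_EVE = "\n".join(
    # A monitoring host running curl every minute: one source, many hits.
    [_eve_alert(f"2024-05-01T10:0{i}:00.000000+0000", "10.0.0.5", "10.0.0.20",
                2013028, "ET POLICY curl User-Agent Outbound") for i in range(5)]
    # A chatty local rule firing from four different hosts.
    + [_eve_alert(f"2024-05-01T11:00:{i:02d}.000000+0000", f"10.0.1.{10 + i % 4}",
                  "10.0.0.20", 1000001, "LOCAL INFO hypothetical noisy rule")
       for i in range(8)]
    # The signature the testmynids.org check triggers: rare, and worth keeping.
    + [_eve_alert("2024-05-01T12:00:00.000000+0000", "203.0.113.7", "10.0.0.20",
                  2100498, "GPL ATTACK_RESPONSE id check returned root")]
    # Other event types and a truncated line, which the parser must skip.
    + ['{"timestamp":"2024-05-01T12:00:01.000000+0000","event_type":"flow",'
       '"src_ip":"10.0.0.5","dest_ip":"10.0.0.20"}',
       '{"timestamp":"2024-05-01T12:00:02.000000+0000","event_type":"dns",']
)


def parse_alerts(eve_text):
    """Return only alert events; skip other event types and malformed lines."""
    alerts = []
    for line in eve_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # eve.json can end mid-line while Suricata is still writing
        if event.get("event_type") == "alert":
            alerts.append(event)
    return alerts


def sources_by_signature(alerts):
    """Map (gid, sid, signature) -> Counter of source IPs that fired it."""
    by_sig = defaultdict(Counter)
    for event in alerts:
        a = event["alert"]
        by_sig[(a["gid"], a["signature_id"], a["signature"])][event["src_ip"]] += 1
    return by_sig


def suppress_line(gid, sid, ip, track="by_src"):
    """One threshold.config suppression entry in Suricata's documented syntax."""
    return f"suppress gen_id {gid}, sig_id {sid}, track {track}, ip {ip}"


def recommend(alerts, min_hits=5, single_source_share=0.8):
    """Sort signatures into: suppress (one host dominates), disable (noisy from
    many hosts), keep (too few hits to call it a false positive)."""
    suppress, disable, keep = [], [], []
    for (gid, sid, sig), srcs in sorted(sources_by_signature(alerts).items()):
        total = sum(srcs.values())
        if total < min_hits:
            keep.append(sid)
            continue
        ip, hits = srcs.most_common(1)[0]
        if hits / total >= single_source_share:
            suppress.append(suppress_line(gid, sid, ip))  # quiet that host only
        else:
            disable.append(sid)                           # candidate for disable.conf
    return suppress, disable, keep


if __name__ == "__main__":
    sup, dis, keep = recommend(parse_alerts(SAMPLE_EVE))
    print("# append to /etc/suricata/threshold.config")
    print("\n".join(sup))
    print("# append to /etc/suricata/disable.conf, then re-run suricata-update")
    print("\n".join(str(s) for s in dis))
    print("# left alone (sids):", keep)
```

The distinction matters operationally: a rule listed in disable.conf is never loaded, so it costs no matching CPU, whereas a suppressed rule still runs and only has its alerts for the named source discarded, which is what you want when one scanner or monitoring host is the sole offender. suricata-update reads /etc/suricata/disable.conf on its own; threshold.config is the file named by `threshold-file` in suricata.yaml, and `suricatasc -c reload-rules` applies both without a restart.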

The Pro Tech Show provides tech, tips, and advice for IT Pros and decision-makers.
