OwlH and Suricata
As usual, please keep in contact if there is any clarification or help needed.
- email our support team - support@owlh.net
- join OwlH slack - OwlH Slack workspace
- ask for professional support and services - prohelp@owlh.net
Main steps
- Install Suricata from OwlH Script
- Default settings when you install from OwlH script
  - configuration files
  - rules folder
  - bpf file and folder
  - socket and PID files
- Choose between Suricata management models
  - Manage by OwlH
  - Expert mode
Suricata output with OwlH
- Standard eve.json
- Socket output
Suricata Rules
Use OpenRules to:
- create local rulesets based on 3rd party rulesets and custom rules
- synchronize each local ruleset with one or more nodes
- schedule ruleset updates
- edit rules from the User Interface
- enable or disable rules
- search rules and find where rules are installed and stored
See OpenRules.