OwlH and Suricata

As usual, please get in touch if any clarification or help is needed.

Main steps

  • Install Suricata from OwlH Script
  • Default settings when you install from OwlH script
    • configuration files
    • rules folder
    • bpf file and folder
    • socket - PID files
  • Choose between Suricata management models
    • Manage by OwlH
    • Expert mode

Suricata output with OwlH

  • Standard eve.json
  • Socket output

Suricata Rules

Use OpenRules to:

  • create local rulesets based on 3rd party rulesets and custom rules
  • synchronize each local ruleset with one or more nodes
  • schedule ruleset update
  • edit rules from User Interface
  • enable or disable rules
  • search rules and find where rules are installed and stored

See OpenRules.