Видео

Is there a github for some of the examples in this video?

Thanks for the shout out

people still use built in mics? high tech software, but low tech hardware.

Awesome! Thank you!

I hope we will see an new version witz suricata 6 on OPNsense. Current It looks, it dosn`t work.

Really cool! Thank's!

Hello, I config suricata on cuckoo sandbox which is on ubuntu vm 18.04 the problem is when i add the socket in processing.conf and in suricata.yaml then run the command "sudo suricata -c /etc/suricata/suricata.yaml -k none --runmode=autofp --user=cuckoo --unix-socket -vvv" i get " unix socket bind(/var/run/suricata/cuckoo.socket) erroe: permission denied" "unable to create unix command socket" I tried to add full path in suricata.yaml but still nothing works

incomprehensible due to french accent. and bad low audio...very poor

Markus is always working on something interesting, thanks for sharing!

Would be nice to see an update on this topic as the config has been changed a bit with the policies.

I was able to follow up to the point to show the output in eveBox. I selected all but nothing is showing? Not sure where to look from here

I defintely disagree with enabling everything. If you want your IDS to be completely useless, enable every rule there is. Not good advice here.

Note: We've since added the "community-id" into the NDP output.

nice tutorial

I have installed OPNsense 22.7.8-amd64 on Nov 19 2022. I have tried to install as presented in the video. However, the detection of allowed and drop for the Ricardo test file did not appear in the Alert section. In my Intrusion Detection - Download - Rulesets, there are only Orange Colored Buttons for Enable selected and Disable selected. Enable (drop filter) and Enable (clear filter) buttons are not there, thus I am not able to enable the Drop Filter. Appreciate help!! Thanks!!

What is the R-core github address?

Thank you, guys, for this great explanation for beginners. It would be nice to have all those link from the presentation here in the video description field. Thanks again. Like and subscription.

Thanks for the video! it's great and helped me out! I'm running Suricata on Debian and came across an error when having to run the pcap file. After a bunch of research, I learn I had to update the default file path under the suricata.yaml file to point to /var/lib/suricata/rules/. Debian auto downloaded version 6.0.1 for me. Not sure if this mix-up was fixed in later patches! Have a great one!

Thank you that was very nice. Do you have meeting minutes for highlights? Thank you for your time! Be well.

Thank you guys that was very nice. Are there meeting minutes or highlights I can reference?

Can you tell me how to change the interface from eth0 to something else? I tried to copy and paste it but I cannot delete it under af-packet. I am using the vi editor in Ubuntu

yes

could this has a mode that only capture pcap for specific rules? Because, there could be huge alert everyday for large enterprise

Excellent Video. But as of today that is Aug 30, 2022 I can confirm you that Suricata is not working on OpnSense.

Thank you the clear explanation.

Hi team. Thanks for this cool introduction. One question about. Can we combine suricata and clamav on one box? Is it was good or bad solution?

What Ubuntu version is that

thanks for this, we can hope more like this

there is a link for this results anywhere as said many times by the presenter?

Guys don't forget to install jq otherwise you won't be able to see the alerts (i guess): sudo apt update sudo apt install jq

I tried to follow you everything works find till the minute 13 I didn't get any alerts :(

Great to see women leading team in security software

thanx man... really helpful <3

I installed Suricata on Centos, is there any "getting started" wiki or help page? Thanks

Nice video, except... out of the blue you start talking about this pcap & script file, where does the pcap file come from, what does it do? why are we running this script to process the pcap file? DO we need to run a script for each thing we monitor.... It's a but confusing. Its odd that you explain why you need to do a ./script name to run a script , but do not explain other stuff that is more complicated. Did I miss more than your first 2 videos? Thanks!

nice share..

The one time i wished i knew French

Peter's audio is not intelligible. Please don't ruin your 48 minute webinar with bad audio

Outstanding presentation! Thank you!

When it's releasing , need this ASAP :(

Awesome job! I his was very informational.

great

Great analysis

Thank you!!!!!

Thank you so much overall webinar is great. However, I am wondering if you guys could share some tutorial containing installation of Suricata with Arkime including their configurations. This video is really informational details like configuration are missing.

Thanks for this analysis

Really Nice Channel!!!!

- Add Emerging Threats Open phishing rules in it and check if suricata is detecting and blocking against phishing attacks.

In the Slides there is the name "Kaspersky". how is Kaspersky related to suricata?? is Suricata embedded in their software? thanks.

Hello, thank you for webinar. Can you show how to configure splunk with suricata SELKS