pfsense:suricata:install_suricata:configure_global_settings

Differences

This shows you the differences between two versions of the page.

pfsense:suricata:install_suricata:configure_global_settings [2021/01/15 13:02] – created peterpfsense:suricata:install_suricata:configure_global_settings [2021/01/22 12:19] (current) peter
Line 1: Line 1:
 ====== PFSense - Suricata - Install Suricata - Configure Global Settings ====== ====== PFSense - Suricata - Install Suricata - Configure Global Settings ======
 +
 +===== Enable Rule Download =====
 +
 +Enter settings to download Snort and ET rules.
 +
 +Navigate to **Services -> Suricata -> Global Settings**.
 +
 +In **Please Choose The Type Of Rules You Wish To Download**:
 +
 +  * Install ETOpen Emerging Threats rules:  **Checked**.
 +  * Install ETPro Emerging Threats rules:  **Not Checked**.
 +  * ETPro Subscription Configuration Code:  **<blank>**.
 +  * Install Snort rules:  **Checked**.
 +  * Snort Rules Filename:  **snortrules-snapshot-29170.tar.gz**.
 +  * Snort Oinkmaster Code:  **Set this to your personal Oinkmaster Code obtained from your snort account page**.
 +  * Install Snort GPLv2 Community rules:  **Checked**.
 +  * Hide Deprecated Rules Categories:  **Not Checked**.
 +
 +{{:pfsense:suricata:install_suricata:pfsense_-_services_-_suricata_-_global_settings_-_please_choose_the_type_of_rules_you_wish_to_download.png?800|}}
 +
 +<WRAP info>
 +**NOTE:**  Obtain the Oinkcode by logging into [[https://www.snort.org|Snort]].  Register a free account if needed.
 +
 +Once logged in, click on your login email address, and go the the Oinkcode option.  Generate a new code if needed.
 +
 +{{:pfsense:suricata:install_suricata:snort_-_login.png?400|}}
 +
 +</WRAP>
 +
 +----
 +
 +In **Rules Update Settings**:
 +
 +  * Update Interval:  **6 Hours**.
 +  * Update Start Time:  **00:10**.  The default.
 +  * Live Rule Swap on Update:  **Checked**.
 +  * GeoLite2 DB Update:  **Checked**.
 +  * GeoLite2 DB License Key:  **Enter your personal MaxMind GeoLite2 DB key**.
 +
 +{{:pfsense:suricata:install_suricata:pfsense_-_services_-_suricata_-_global_settings_-_rules_update_settings.png?800|}}
 +
 +<WRAP info>
 +**NOTE:**  Obtain the GeoLite key by logging into [[https://www.maxmind.com|Maxmind]].  Register a free account if needed.
 +
 +Once logged in, click on your **Services -> My License Key**.  Generate a new code if needed.
 +</WRAP>
 +
 +
 +----
 +
 +In **General Settings**:
 +
 +  * Remove Blocked Hosts Interval:  **1 Hour**
 +  * Log to System Log:  **Not Checked**.
 +  * Keep Suricata Settings After Deinstall:  **Checked**.
 +
 +{{:pfsense:suricata:install_suricata:pfsense_-_services_-_suricata_-_global_settings_-_general_settings.png?800|}}
 +
 +----
 +
 +===== Manually update the rules =====
 +
 +Navigate to **Services -> Suricata -> Updates**.
 +
 +Click **Update**.
 +
 +{{:pfsense:suricata:pfsense_-_services_-_suricata_-_updates.png?800|}}
 +
 +----
 +
 +Return to [[PFSense:Suricata:Install Suricata]] or continue to [[PFSense:Suricata:Install Suricata:Create Suppress Lists|Create Suppress Lists]].
 +
 +----
 +
 +===== References =====
 +
 +https://www.snort.org
 +
 +https://www.maxmind.com
  
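Review bot: The "Snort Rules Filename" item in the first list hard-codes a single snapshot, "snortrules-snapshot-29170.tar.gz", without saying how the reader should choose it. The value will go stale as new snapshots are published, so add a sentence explaining where the reader finds the filename that matches their setup and when to update it. The Oinkmaster Code and the GeoLite2 DB License Key are personal account credentials entered on the same panels the screenshots show: confirm that the embedded images do not display real values, and consider a line telling readers to keep them out of shared screenshots and configuration exports. "Log to System Log: Not Checked" is given with no reason; a short rationale would help, since it decides whether Suricata messages reach the system log at all. Minor: "go the the Oinkcode option" should read "go to the Oinkcode option", and "Remove Blocked Hosts Interval: **1 Hour**" lacks the trailing period the other items have.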
pfsense/suricata/install_suricata/configure_global_settings.1610715751.txt.gz · Last modified: 2021/01/15 13:02 by peter
