IPS Categories to enable

NethServer Version: 7
Module: IPS

Which categories do I have to enable in the Suricata IPS?

I don’t know how they appeared…
Thanks.

Maybe you installed/updated it from nethserver-testing repo?

I’d say, it really depends on your environment. I put all categories to alert to check if there are warnings for a week and will block them if needed.
You may also set all to block and test if your apps are working…

Oh yes, I have installed the nethserver-testing repo…
But where can I see the alerts?

You may install evebox from testing.

2 Likes

Can anyone help me analyze EveBox alerts?

For sure. Please open a new topic, post your specific EveBox alert, and the community will try to help you.

https://rules.emergingthreats.net/open/suricata/rules/

Here are all the rules it uses. Emerging-Rules are the rules Suricata pulls from; if you have a rules question, open the rule and read it for a better idea of what it's doing/blocking. Rules are also located in the suricata folder on the server. I'd say everything can be left as “Blocked” except “Policy”, as that can be set to “Alert”. Policy is mainly inter-network possible policy violations, like plaintext passwords sent over a network and the like.

2 Likes
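An added example, not part of any post in this thread: one way to review an alert-only trial period is to tally Suricata's EVE JSON alerts per rule category before deciding which categories to switch to block. It assumes signature messages follow the Emerging Threats "ET <CATEGORY> ..." naming; the function names, SIDs, signatures and log lines are constructed for illustration.

```python
import json
import re
from collections import Counter, defaultdict

# Constructed EVE JSON lines (documentation IPs, made-up SIDs); last line is cut off on purpose.
SAMPLE_EVE = """\
{"event_type":"alert","src_ip":"192.0.2.10","alert":{"signature_id":9000001,"signature":"ET POLICY constructed sample: cleartext login"}}
{"event_type":"alert","src_ip":"192.0.2.11","alert":{"signature_id":9000001,"signature":"ET POLICY constructed sample: cleartext login"}}
{"event_type":"alert","src_ip":"203.0.113.7","alert":{"signature_id":9000002,"signature":"ET SCAN constructed sample: port sweep"}}
{"event_type":"dns","src_ip":"192.0.2.10"}
{"event_type":"alert","src_ip":"192.0.2.10","alert":{"signature_id":9000003,"signature":"ET POLICY constructed sample: outdated client"}}
{"event_type":"alert","src_ip":"192.0.2.12","alert":{"signa"""

# Assumption: the category is the token after "ET " in the signature message.
ET_PREFIX = re.compile(r"^ET ([A-Z0-9_]+) ")

def et_category(signature):
    m = ET_PREFIX.match(signature)
    return m.group(1) if m else "OTHER"

def summarize(lines):
    """Group alert events by category: alert count, per-signature counts, source IPs."""
    cats = defaultdict(lambda: {"alerts": 0, "signatures": Counter(), "sources": set()})
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # line still being written or truncated by log rotation
        if ev.get("event_type") != "alert":
            continue  # skip dns, flow, http and other event types
        alert = ev.get("alert", {})
        entry = cats[et_category(alert.get("signature", ""))]
        entry["alerts"] += 1
        entry["signatures"][alert.get("signature_id")] += 1
        entry["sources"].add(ev.get("src_ip"))
    return dict(cats)

def report(summary):
    """Rows of (category, alerts, distinct sources, top SID, top SID hits), busiest first."""
    rows = []
    for cat, e in sorted(summary.items(), key=lambda kv: -kv[1]["alerts"]):
        sid, hits = e["signatures"].most_common(1)[0]
        rows.append((cat, e["alerts"], len(e["sources"]), sid, hits))
    return rows

if __name__ == "__main__":
    for cat, alerts, srcs, sid, hits in report(summarize(SAMPLE_EVE.splitlines())):
        print(f"{cat:<8} alerts={alerts} sources={srcs} top_sid={sid} ({hits}x)")
```

To run it on real data, pass the lines of the eve.json file to `summarize` in place of the sample; a category whose alerts come mostly from your own applications is one to look at before blocking.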

I have created the topic.
Thanks.