Thanks to @filippo_carletti's work, we now have a fully revised Suricata implementation.
- use Emerging Threats rules
- allow configuration of rule categories from Server Manager: each category can be disabled, enabled only for alerting, or enabled for blocking bad traffic
- EveBox ( https://evebox.org/ ) is now part of the stack and can be used to see a report of blocked/alerted rules
This is a screenshot of EveBox on our production firewall:
Enjoy the testing and let us know what you think!
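The three per-category settings described above (disabled, alert only, block) map directly onto what Suricata does with a rule's action keyword: a disabled category is not loaded at all, "alert only" keeps the `alert` action, and "block" rewrites it to `drop`. The script below is an added illustration of that mechanism, not the Server Manager's or Suricata's own code; the rule lines, category names and the `apply_policy`/`summarize` helpers are constructed for the example, and the sids are in the local range so they cannot collide with real Emerging Threats signatures.

```python
"""Apply a per-category policy (disabled / alert / block) to Suricata rules.

Hypothetical helper written for this example. It mirrors the idea of
rule-category settings by rewriting each rule's action keyword.
"""
import re

# A Suricata rule line starts with its action keyword, then the header.
RULE_RE = re.compile(
    r"^(?P<action>alert|drop|pass|reject|rejectsrc|rejectdst|rejectboth)\s+(?P<rest>.+)$"
)

# Policy mode -> Suricata action to emit for active rules.
ACTION_FOR_MODE = {"alert": "alert", "block": "drop"}

# Constructed sample rules in Suricata syntax (not real ET signatures).
SAMPLE_RULES = {
    "emerging-scan": [
        'alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SAMPLE SCAN SSH probe"; flags:S; sid:1000001; rev:1;)',
        'alert tcp $EXTERNAL_NET any -> $HOME_NET 3389 (msg:"SAMPLE SCAN RDP probe"; flags:S; sid:1000002; rev:1;)',
    ],
    "emerging-malware": [
        "# sample comment line that must survive untouched",
        'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"SAMPLE MALWARE beacon"; flow:established,to_server; http.uri; content:"/sample-c2"; sid:1000003; rev:1;)',
        'drop dns $HOME_NET any -> any any (msg:"SAMPLE MALWARE DNS lookup"; dns.query; content:"sample-bad.test"; sid:1000004; rev:1;)',
    ],
    "emerging-policy": [
        'alert tcp $HOME_NET any -> $EXTERNAL_NET 6667 (msg:"SAMPLE POLICY IRC"; flow:to_server; sid:1000005; rev:1;)',
    ],
}

# Constructed policy, one entry per category.
POLICY = {
    "emerging-scan": "alert",
    "emerging-malware": "block",
    "emerging-policy": "disabled",
}


def apply_policy(rules_by_category, policy):
    """Return a new {category: [rule lines]} dict with the policy applied.

    "disabled": the rule is commented out so Suricata does not load it.
    "alert":    the rule logs only.
    "block":    the action becomes drop (blocks only when Suricata runs inline).
    Categories absent from the policy are treated as disabled, the safe
    default for a ruleset nobody has reviewed yet.
    """
    result = {}
    for category, lines in rules_by_category.items():
        mode = policy.get(category, "disabled")
        if mode not in ("disabled", "alert", "block"):
            raise ValueError(f"unknown mode {mode!r} for category {category}")
        out = []
        for line in lines:
            stripped = line.strip()
            match = RULE_RE.match(stripped)
            if match is None:
                # Blank lines, comments and already-commented rules pass through.
                out.append(line)
            elif mode == "disabled":
                out.append("# " + stripped)
            else:
                out.append(f"{ACTION_FOR_MODE[mode]} {match.group('rest')}")
        result[category] = out
    return result


def summarize(rules_by_category):
    """Count active rules per action, plus rules that are commented out."""
    counts = {"alert": 0, "drop": 0, "disabled": 0}
    for lines in rules_by_category.values():
        for line in lines:
            stripped = line.strip()
            match = RULE_RE.match(stripped)
            if match:
                action = match.group("action")
                counts[action] = counts.get(action, 0) + 1
            elif stripped.startswith("# ") and RULE_RE.match(stripped[2:]):
                counts["disabled"] += 1
    return counts


if __name__ == "__main__":
    applied = apply_policy(SAMPLE_RULES, POLICY)
    for category, lines in applied.items():
        print(f"== {category} ({POLICY.get(category, 'disabled')})")
        for line in lines:
            print(line)
    print("before:", summarize(SAMPLE_RULES))
    print("after: ", summarize(applied))
```

One caveat worth keeping in mind when testing the "block" setting: `drop` only blocks traffic when Suricata is running inline (for example via NFQUEUE or AF_PACKET in IPS mode); in plain IDS mode a `drop` rule is logged like an alert but nothing is actually dropped, so EveBox showing "drop" events is the thing to confirm, not just the rule file.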