I’m discovering IPS and I wonder how to set Suricata policies.
The doc states that
Suricata can be configured accordingly to following policies. Each policy consists of several rules:
Connectivity: check a large number of vulnerabilities, do not impact on non-realtime applications (eg VoIP)
Balanced: suitable for most scenarios, it is a good compromise between security and usability (recommended)
Security: safe mode but very invasive, may impact on chat and peer-to-peer applications
Expert: the administrator must manually select the rules from the command line
But how do we set those policies ?