I have a few questions about some Suricata-IDS options:
1- Do I need to add port 445 to the port-groups section to protect the file sharing (SMB) service?
2- Should the af-packet section be enabled when Suricata is running in NFQ IPS mode? Or is this section only for AF_PACKET IPS mode?
3- In the interfaces section, I saw something like the following:
- interface: 0000:3b:00.0 # PCIe address of the NIC port
But I have never defined the value 0000:3b:00.0. Do I have to define the PCIe address for each network card?
4- Which network card should be defined in