Hi, I would like to have an opinion from you on the system that I want to realize.
The need is to analyze also HTTPS traffic and I suppose to use SquidProxy (because PolarProxy is too expensive) to have a clear view of it and create a MITM (transparent from the client’s point of view). How should I configure Suricata to work with SquidProxy? Have you some guide? Thanks!
You can’t forward the logs so you would have to either set Suricata before or after the proxy in the network (or run two instances on both sides) to look into the traffic.
Thanks a lot. I decided to mirror all the traffic on my IDS without reversing the SSL traffic.
You might also want to check out ipfire https://www.ipfire.org. In addition to the firewall, you also have the Squid Proxy and, of course, suricata there. Goes together perfectly.
I will have a look at it. Thanks a lot!