Hello Suricata Community
I am currently in the process of implementing Suricata as an IDS/IPS solution for a high-traffic network environment. Our network handles a substantial amount of data daily, and ensuring efficient and effective threat detection is crucial for us. I would greatly appreciate any advice or best practices from those who have experience with Suricata in similar environments.
I want to know about the following topics: You can check this
1. Which configuration options or improvements are essential to ensuring that Suricata operates effectively under heavy load?
2. In order to strike a compromise between performance and thorough threat coverage, how do you maintain and update your rules?
3. In a network with a lot of traffic, what are the best techniques for recording and examining Suricata's output?
I found the "Installing Suricata 6.0.1 with PF_RING on CentOS 8" guide.
Any additional recommendations would be appreciated.
If there are any guides or resources that you recommend, it would be appreciated. Your insights and experiences will be invaluable as we work to enhance our network security.
Thank you in advance for your help.
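As an added example for the third question above (examining Suricata's output on a busy sensor), and not part of the original post or of Suricata itself: the script below reads EVE JSON (the `eve.json` line-delimited format Suricata writes), skips the truncated lines that appear when a log file is rotated mid-write, counts events per `event_type` so you can see which log types dominate volume, and aggregates alerts by signature ID and by source IP. The sample lines embedded in `SAMPLE_EVE` are constructed for this example, not captured from a real sensor; the field names follow the EVE alert/dns/flow records.

```python
import json
from collections import Counter

# Constructed sample eve.json lines (not from a real sensor). Field layout follows
# Suricata's EVE JSON: one JSON object per line, with "event_type" selecting the
# record kind and alert details nested under "alert". The last line is deliberately
# truncated to mimic a file rotated mid-write.
SAMPLE_EVE = """
{"timestamp":"2024-05-01T10:00:01.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","proto":"TCP","alert":{"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2024-05-01T10:00:02.000000+0000","event_type":"alert","src_ip":"10.0.0.6","dest_ip":"192.0.2.10","proto":"TCP","alert":{"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2024-05-01T10:00:03.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"198.51.100.7","proto":"TCP","alert":{"signature_id":2027863,"rev":2,"signature":"ET INFO Suspicious User-Agent","category":"Attempted Information Leak","severity":3}}
{"timestamp":"2024-05-01T10:00:04.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","proto":"UDP","dns":{"type":"query","rrname":"example.com","rrtype":"A"}}
{"timestamp":"2024-05-01T10:00:05.000000+0000","event_type":"flow","src_ip":"10.0.0.6","dest_ip":"192.0.2.10","proto":"TCP","flow":{"pkts_toserver":12,"pkts_toclient":9,"bytes_toserver":1800,"bytes_toclient":5200}}
{"timestamp":"2024-05-01T10:00:09.000000+0000","event_type":"alert","src_ip":"10.0.0.9"
"""


def parse_eve(lines):
    """Parse line-delimited EVE JSON, skipping blank and truncated lines."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            # A partial line is expected at a rotation boundary or while the
            # writer is mid-record; drop it rather than abort the whole run.
            continue
    return events


def count_event_types(events):
    """Volume per event_type: shows which log types dominate on a busy sensor."""
    return Counter(ev.get("event_type", "unknown") for ev in events)


def summarize_alerts(events):
    """Return [(count, signature_id, signature, severity), ...] sorted by count desc."""
    counts = Counter()
    for ev in events:
        if ev.get("event_type") != "alert":
            continue
        alert = ev.get("alert", {})
        key = (alert.get("signature_id"), alert.get("signature"), alert.get("severity"))
        counts[key] += 1
    # Sort by count (desc), then by signature_id for a stable order among ties.
    rows = [(n, sid, sig, sev) for (sid, sig, sev), n in counts.items()]
    rows.sort(key=lambda r: (-r[0], r[1] or 0))
    return rows


def top_sources(events, n=5):
    """Source IPs generating the most alerts, as [(src_ip, count), ...]."""
    counts = Counter(ev.get("src_ip") for ev in events if ev.get("event_type") == "alert")
    return counts.most_common(n)


if __name__ == "__main__":
    evs = parse_eve(SAMPLE_EVE.splitlines())
    print("events per type:", dict(count_event_types(evs)))
    for n, sid, sig, sev in summarize_alerts(evs):
        print(f"{n:4d}  sid={sid}  sev={sev}  {sig}")
    print("top alert sources:", top_sources(evs, 3))
```

On a real sensor you would feed `parse_eve` an open file handle (or `tail -F` output) instead of the constructed string; the per-event-type counts are the quickest way to decide which EVE output types are worth keeping at high traffic volumes, and the per-signature table is the starting point for tuning noisy rules.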