I know nothing about Suricata, and am in the research phase.
I would like to block all incoming remote desktop connection, but all outgoing ones. Is this possible to configure? If possible, it would be great if I could allow remote desktop to a single computer inside the network, but if it’s an all or nothing, then I’d like to block it all.
Is Suricata the product I’m looking for?