Hardware specification for Suricata

Hello there.
How do I work out which hardware I need to set up Suricata?
Are there any references? What input data do I need?
My network throughput is 10-25Gbps+.


There is a lot of reference information if you Google it. I have some
info here, although the box specs are a bit out of date compared to what
is currently available. This is with a 40Gbps FPGA.


I found a lot of references, but they were for lab/test environments and I’m looking for an enterprise environment.
Thanks for your post.

This depends on many factors: what runmode do you intend to use? How many signatures are you running? What features do you want to enable?
The right NIC plays a role as well. But to give you a very, very rough idea: with 10-25Gbit/s you might want something with at least 20, but better 40, cores that could work on the traffic. So a bigger Intel Xeon or AMD EPYC could work, but you could get lucky with something slower. 128GB RAM on top.

I must admit, I did not dig that deep.
I was considering that I will install Suricata on a server with the default configuration and then disable some of the rules that are most noisy/useful for my environment.

I will do a PoC. Maybe you can tell me what I need to look at to better understand what hardware I need to buy?

Well, you need to check the traffic you want to forward and how you want to forward it. Also what you want to monitor and what your goal is for that.

But the hardware I mentioned could be a good starting point.