Hello folks
I am new to this platform and trying to learn how to deploy Suricata to monitor network traffic as it comes in and goes out through the Fortigate firewall.
My scenario is as follows.
- Most of my servers are VMs running on the Huawei virtualization platform; this also includes the system that I am going to deploy Suricata on, which is also a VM.
- I have most of my VM servers sitting on 2 different subnets; for example, let's say one group is on the 196.2.3.x range and another group on the 172.2.3.x range.
- My Fortigate firewall is on another internal range, e.g. 10.141.0.2.
- All traffic or logs from Suricata would be sent to the ELK stack using either Elastic Agent or Filebeat.
Where do I place my Suricata sensor, and how can I configure the VM to capture all incoming and outgoing traffic in this scenario?
Please note also that, should I get this right, I would like to expand Suricata to monitor traffic between endpoints and servers as well.
Your advice would be highly appreciated and would help a lot.
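As an added example (not part of the original post or of any reply to it), the fragment below shows what a minimal suricata.yaml for a passive sensor VM in the layout described above tends to look like. It assumes the common mirror-port design: the hypervisor's virtual switch copies (SPAN/mirror) the traffic of the uplink that faces the Fortigate onto a second, dedicated NIC of the Suricata VM, and Suricata listens only on that NIC while the VM's management NIC stays untouched. The interface name ens192, the /24 and /16 masks, and the log directory are assumptions; only the 196.2.3.x, 172.2.3.x and 10.141.0.2 prefixes come from the post.

```yaml
%YAML 1.1
---
# Added example, not from the original post. Assumed: traffic from the
# Fortigate-facing uplink is mirrored to a second NIC (ens192) on the Suricata
# VM; the management NIC is separate and is deliberately NOT listed under
# af-packet. Subnet masks and the log directory are also assumed.

vars:
  address-groups:
    # Both server subnets plus the firewall's internal range are treated as
    # "home". If one of them is left out, traffic between the two server
    # subnets is classified as HOME_NET <-> EXTERNAL_NET (or the reverse) and
    # direction-sensitive rules fire on the wrong side, or not at all.
    HOME_NET: "[196.2.3.0/24,172.2.3.0/24,10.141.0.0/16]"
    EXTERNAL_NET: "!$HOME_NET"

# Passive capture on the mirror interface only. This is IDS mode (no inline
# copy-mode/IPS), so the sensor cannot disturb production traffic.
af-packet:
  - interface: ens192
    cluster-id: 99
    cluster-type: cluster_flow   # keep both directions of a flow on one thread
    defrag: yes
    use-mmap: yes
    tpacket-v3: yes

default-log-dir: /var/log/suricata/

outputs:
  # EVE JSON is the format read by Filebeat's suricata module and by the
  # Elastic Agent Suricata integration. Protocol and flow records, not just
  # alerts, are what give the endpoint-to-server visibility mentioned above.
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve.json
      types:
        - alert:
            payload-printable: yes
            metadata: yes
        - http
        - dns
        - tls
        - ssh
        - flow
        - anomaly
```

Before starting Suricata, confirm the mirror actually delivers both directions of traffic for both server subnets by running `tcpdump -ni ens192` on the sensor VM and looking for packets with sources in 196.2.3.x as well as 172.2.3.x; a mirror that is configured on the wrong vSwitch port shows only one side or only one subnet. Disabling receive offloads on the capture NIC (`ethtool -K ens192 gro off lro off`) avoids Suricata seeing reassembled oversized frames, which otherwise inflate packet-size anomaly counts.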