Both my nginx and Suricata installations run on the same Debian 12.4 virtual machine.
My newly set up IDSTower installation runs on an Ubuntu 23.10 Server LXC.
My challenge:
How can I connect the existing Suricata installation to a new cluster on IDSTower (or vice versa)? As there is currently no Suricata build available for either Debian 12.4 or Ubuntu 23.10, I cannot add the ppa:oisf/suricata-stable, and therefore I cannot just click on “Add New Cluster”. I guess I will have to dig further down into the system to get things connected.
@IDSTower : I have the exact same question: existing Debian install with installed Suricata (v6) from the Debian repo. I’d like to use IDSTower (I got the free licence) to manage the ruleset and view the logs. How do I set up IDSTower to use the existing (local) Suricata install?
This is currently not supported out of the box, but we are planning to support onboarding existing Suricata setups in coming releases.
You can currently pull rules/IOCs managed by IDSTower to external Suricata instances (not deployed via IDSTower) using the exports feature (in the pro version; see the demo).