Hello,
Nowadays, tools like Nmap and Metasploit are very popular among people. Why doesn’t Suricata-IDS have any rules to block these tools?
Thank you.
Hello,
No idea?
Thank you.
Suricata rule vendors (e.g. Emerging Threats) do have rules to detect the usage of those tools and block them if needed, with varying degrees of accuracy depending on how those tools are used. Just try to download the ET Open rules and search for "metasploit" in them to explore those.
Hello,
Thank you so much for your reply.
Why does Emerging threats not have such important rules? Have you been able to block these tools?
They do. The tricky part is that these tools have multiple operating modes and subtools, and some of those components are more easily detectable than others.
Explore the ET Open rules to see what is covered.
Thanks again.
When I download these rules, in which directory should I put them and how to activate them?
Please follow the guidelines in the Quickstart guide (Suricata 8.0.0-dev documentation).
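As an added illustration of the advice in this thread (not code from the original posts or from the Suricata project), the script below builds a small constructed rule file, then searches it for rules mentioning a tool name the way the replies suggest doing against the ET Open ruleset. The sids and messages are placeholders invented here, not real ET Open signatures; the `suricata-update` and `suricata -T` commands in the comments are the standard tooling the Quickstart guide uses, and the default rule path is the one `suricata-update` writes to.

```shell
#!/bin/sh
# Added example, not part of the thread: search a Suricata rule file for rules
# that mention a given tool (e.g. "metasploit" or "nmap") and print sid + msg.
# The rule lines below are constructed placeholders (sids 9000001-9000004),
# not ET Open content.

SAMPLE_RULES=$(mktemp)
cat >"$SAMPLE_RULES" <<'EOF'
# constructed sample rules (placeholder sids, not ET Open content)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"SAMPLE SCAN Nmap-style probe (constructed)"; flow:to_server; sid:9000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"SAMPLE EXPLOIT Metasploit payload marker (constructed)"; flow:to_server; sid:9000002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"SAMPLE MALWARE Metasploit handler User-Agent (constructed)"; flow:to_server; sid:9000003; rev:2;)
alert tcp any any -> any 25 (msg:"SAMPLE POLICY Unrelated SMTP rule (constructed)"; sid:9000004; rev:1;)
EOF

# rules_matching FILE KEYWORD
# Prints "sid: msg" for every non-comment rule whose text contains KEYWORD
# (case-insensitive). Comment lines starting with # are skipped.
rules_matching() {
    file=$1
    keyword=$2
    grep -v '^[[:space:]]*#' "$file" | grep -i -- "$keyword" |
        sed -n 's/.*msg:"\([^"]*\)".*sid:\([0-9]*\);.*/\2: \1/p'
}

# count_matching FILE KEYWORD
# Number of rules that rules_matching would print.
count_matching() {
    rules_matching "$1" "$2" | wc -l | tr -d ' '
}

# Real workflow against the live ruleset (only runs if Suricata is installed):
#   suricata-update                            # fetches ET Open (default source)
#                                              # into /var/lib/suricata/rules/suricata.rules
#   suricata -T -c /etc/suricata/suricata.yaml # test that config + rules load cleanly
if command -v suricata-update >/dev/null 2>&1; then
    echo "suricata-update found: run it, then try:"
    echo "  rules_matching /var/lib/suricata/rules/suricata.rules metasploit"
fi

echo "Rules mentioning 'metasploit' in the constructed sample:"
rules_matching "$SAMPLE_RULES" metasploit
echo "Rules mentioning 'nmap' in the constructed sample:"
rules_matching "$SAMPLE_RULES" nmap
```

Against the real ET Open file the same `rules_matching` call works unchanged; the msg text (ET SCAN, ET EXPLOIT, ET MALWARE categories) is the quickest way to see which operating modes of a tool a given signature actually covers, which is the point made in the reply about some components being easier to detect than others.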