Currently I am wondering if I should replace my router with OPNsense and run Suricata on it.
Today I had another thought:
Does it make sense to simply run Suricata on my client (laptop), since that would mean I get IDS/IPS on any network I am connected to, even if I am not on my home network?
Also I wonder if this also gives the possibility to inspect traffic before it gets encrypted (https)?
Fixed my typo. It won’t see any traffic pre-encryption.
IDS/IPS signatures can be less useful with encryption; however, a lot of them are for unencrypted traffic, and you can still learn a lot about your network.
I’d say running directly on a laptop/desktop/workstation is more for the hobbyist type. In general, Suricata is best placed on a network access point, like a router/firewall or a tap off a switch. Almost sounds like you want some form of end-point security tool on your laptop as well.