Hello,
I recently installed Suricata (version 6.0.1) on my Debian 11 machine.
I want to monitor my server on the enp3s0 interface, corresponding to my network xx.xx.xx.xx/24. On this server, I have SSH access by open key as well as two Apache servers.
I have a fail2ban service that bans SSH access and denied authentication on Apache. However, I have no logs or alerts generated by Suricata. Is it because of Fail2ban?
I have a very restricted firewall, which only allows http/https/ssh/dns etc. access to certain IPs.
At the Suricata rules level, I left everything at the default except for the addition of the "tgreen/hunting" source.
In the configuration file, I just indicated the network address in $HOME_NET.
The only logs generated in eve.json are just stats.
Do you know why I have very few alerts?
(For example, if I hping a remote server to my server, no alerts are detected.)
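As an added diagnostic (example code, not from the original post or the Suricata project), the script below reads an eve.json, tallies the event types it contains, and checks whether the monitored interface's address actually falls inside the HOME_NET value from suricata.yaml, since signatures written against $HOME_NET never fire when the sensor's own network is outside it. The sample EVE lines, the address 192.0.2.10 standing in for enp3s0, and the HOME_NET value are constructed placeholders; only the Python 3 standard library is used.

```python
"""Tally eve.json event types and sanity-check HOME_NET coverage (added example)."""
import ipaddress
import json
from collections import Counter

# Constructed sample lines in Suricata EVE JSON format (not a real capture).
SAMPLE_EVE = """\
{"timestamp":"2021-06-01T10:00:00.000000+0200","event_type":"stats","stats":{"uptime":30}}
{"timestamp":"2021-06-01T10:00:08.000000+0200","event_type":"stats","stats":{"uptime":38}}
{"timestamp":"2021-06-01T10:00:09.123456+0200","event_type":"flow","src_ip":"203.0.113.7","dest_ip":"192.0.2.10","proto":"TCP"}
{"timestamp":"2021-06-01T10:00:10.000000+0200","event_type":"alert","src_ip":"203.0.113.7","dest_ip":"192.0.2.10","alert":{"signature":"constructed test signature","severity":3}}
not valid json
"""


def summarize_eve(text):
    """Return (Counter of event_type values, number of lines that were not JSON)."""
    counts = Counter()
    bad = 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            bad += 1
            continue
        counts[event.get("event_type", "unknown")] += 1
    return counts, bad


def only_stats(counts):
    """True when 'stats' is the only event type seen, i.e. nothing else is logged."""
    return set(counts) == {"stats"}


def in_home_net(address, home_net):
    """True if address lies in any CIDR of a HOME_NET string like "[10.0.0.0/8,192.0.2.0/24]".
    Negated entries ("!...") are not handled here; keep them out of the value you pass."""
    ip = ipaddress.ip_address(address)
    nets = [ipaddress.ip_network(n.strip(), strict=False)
            for n in home_net.strip("[]").split(",") if n.strip()]
    return any(ip in net for net in nets)


if __name__ == "__main__":
    counts, bad = summarize_eve(SAMPLE_EVE)  # replace with open("/var/log/suricata/eve.json").read()
    print("event types:", dict(counts), "| unparseable lines:", bad)
    print("only stats logged?", only_stats(counts))
    # 192.0.2.10 stands in for the enp3s0 address; HOME_NET as set in suricata.yaml (placeholder).
    print("interface address inside HOME_NET?", in_home_net("192.0.2.10", "[192.0.2.0/24]"))
```

If `only_stats` is true on the real file, rule loading or the capture interface is the first thing to verify (suricata.log and the stats counters for packets captured), before looking at fail2ban or the firewall.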