I have a problem: I have installed Suricata on my server and set the Emergency Threats Open rules, and I am trying to perform scans on this server using nmap, even in aggressive mode with the -A option, but Suricata does not detect them. Is this normal? Could there be another specific set of rules to detect this type of nmap scans? Or did I do something wrong? I should mention that if I try to reinstall the rules, the system informs me that they are already installed, and anyway, if I perform get operations with the curl command, it detects those.
Thank you for reply.