I want some help with a Suricata ruleset. I want my Suricata to block domains like youtube.com, web.whatsapp.com and other social networking sites. I am not sure what I am doing wrong. I have used both dns and ssl/tls, but I am still able to get the response of curl -I https://www.youtube.com
Make sure your Suricata is configured in IPS mode and use drop rules.
Seems like you are starting with Suricata so I would suggest to first look at some networking/Suricata tutorials around.
For future posts please don’t forget to post how you have your network configured, what is your Suricata.yaml, how you run Suricata and what are your rules/logs.
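What drop rules for the two domains named in the question could look like, as an added example that is not part of the original posts. The file name, messages and sids are constructed, and the rules assume Suricata 7 running inline.

```suricata
# local.rules (constructed example; sids are hypothetical, taken from the local range)
# A "drop" action can only stop traffic when Suricata sits inline (IPS mode),
# for example started with "-q <queue>" on NFQUEUE. On a passive IDS sensor
# the same rules cannot stop the connection.

# DNS: match the queried name. The dotprefix transform prepends "." to the
# buffer, so ".youtube.com" with endswith matches youtube.com and
# www.youtube.com but not notyoutube.com.
drop dns any any -> any any (msg:"LOCAL block DNS query youtube.com"; dns.query; dotprefix; content:".youtube.com"; nocase; endswith; sid:1000001; rev:1;)
drop dns any any -> any any (msg:"LOCAL block DNS query web.whatsapp.com"; dns.query; dotprefix; content:".web.whatsapp.com"; nocase; endswith; sid:1000002; rev:1;)

# TLS: match the server name in the ClientHello. This covers clients that
# already have the address cached or resolve it over DoH, where the DNS
# rules above never see a query.
drop tls any any -> any any (msg:"LOCAL block TLS SNI youtube.com"; tls.sni; dotprefix; content:".youtube.com"; nocase; endswith; sid:1000003; rev:1;)
drop tls any any -> any any (msg:"LOCAL block TLS SNI web.whatsapp.com"; tls.sni; dotprefix; content:".web.whatsapp.com"; nocase; endswith; sid:1000004; rev:1;)

# QUIC (HTTP/3 over UDP 443): browsers may bypass the TCP/TLS rules entirely,
# so the SNI is matched there as well.
drop quic any any -> any any (msg:"LOCAL block QUIC SNI youtube.com"; quic.sni; dotprefix; content:".youtube.com"; nocase; endswith; sid:1000005; rev:1;)
```

After loading the rules, the alert records in eve.json show whether blocking is in effect: "action":"blocked" means the packet was dropped, while "action":"allowed" on a drop rule means Suricata is not running inline.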
Hi @lukashino, I am currently running Suricata version 7.0.3 with the help of IDSTower. As per the documentation, I think this version of Suricata is in IPS and IDS mode by default; I read it somewhere. I have done everything possible with my knowledge of Suricata.
Because I want to monitor Suricata logs too. If there is any other alternative to IDSTower, please do provide me with feedback.