Hello, everyone!
Please explain to me where to place Suricata correctly. I have a home local area network. I get the Internet through a router. I have 5 devices in the network. Where should I install Suricata?
Hi there!
This will depend on how you want to use Suricata.
Mainly, you can have it as an IDS/NSM, for monitoring, or as an IPS, to monitor and block traffic.
If you’re unfamiliar with Suricata and setting such a system up, I would suggest that you start with the IDS scenario to avoid messing up with your internet access.
In that case, Suricata should be run from a device that is connected to the router that provides all your devices with internet access, using the traffic mirroring port.
With that in mind, it is possible to find some tutorials in video or written form to help guide one through the whole process, depending on the type of machine where you want to install Suricata.
Thank you for your response. I will look into whether this is possible on my router.
1 Like