Question: How do I set up Suricata - using suricata.yaml The goal of this lab is setup and configure Suricata. You will do this in your

How do I set up Suricata - using suricata.yaml

The goal of this lab is setup and configure Suricata. You will do this in your own virtual machine, you can download an Ubuntu 16 VM from the lab folder. This is in an open format (.ova file) and you should be able to import into any virtualization software.

Once you have the VM running, you can log in with the account josh and a password of password. On the desktop is the Suricata source, you will be building Suricata from this source and NOT from the Ubuntu PPA.

Building Suricata Follow the instructions from the quick start guide - Ubuntu Installation from GIT: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Ubuntu_Installation_from_GIT. The pre-installation requirements have already been met, so you can skip that. Perform the following tasks: ? Begin in the Suricata section, at the command ./autogen.sh, follow these instructions to the end of that section (do not move into the Auto Setup section) No deliverable is needed for this task. Basic Setup Now youre ready for basic setup, Suricata isnt ready to run out-of-the-box. Follow the guide Basic Setup: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Basic_Setup ? You can (and should) skip the Auto setup and Setting Variables sections. There is discussion here on rules, this will come in the next section. ? The primary goal is to ensure that Suricata is working, these are the last steps in this part of the guide. You will need to modify suricata.yaml, instructions are located in this file. Address any errors you encounter when testing the engine. ? You may encounter the following error: This is due to a lack of rule files, these will be installed in the next section. Provide a screenshot showing Suricata running along with the content of stats.log. Also, detail any difficulties you encountered at this step. Rule Management The last step is to update your rules. These are configured in suricata.yaml and can be obtained from Emerging Threats. Follow the guide Rules Management with Oinkmaster - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Rule_Management_with_Oinkmaster. ? You do NOT need to setup Oinkmaster as a cron job, just run it manually to get the rules based on your Suricata.yaml file. ? Once you have rules installed, you may encounter additional configuration errors. You will need to resolve all ERRORs produced when running Suricata. Once you have the latest rules, run Suricata in offline mode against the PCAPS on your desktop. These PCAPs should generate an alert, to see if it did inspect the contents of *.log.

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

You will be writing this up in a lab report. The exact format of this report is up to the group, but at a minimum it should include sections outlined below. Warning Each member of the team is...

MFA (Multi-Factor Authentication) Lab Overview : In this lab activity you will implement multi-factor authentication for the SSH service on an Ubuntu server. This will work in conjunction with the...

Introduction Figure 1 Different types of virtual machine connections Network Security Tools Taxonomy As shown in Figure 2 , we can classify network security tools based on the usage as either defend...

install Windows Server 2016 or 2019 or 2022 (Standard or Datacenter) in the VM Container prepared in Lab 2. The VM Container's networking also needs to be configured so that it will remain internal...

SEED Labs - SQL Injection Attack Lab 3.1 Task 1: Get Familiar with SQL Statements The objective of this task is to get familiar with SQL commands by playing with the provided database. We have...

In this project, you will set up Snort and configure some rules. Steps Download and install Snort on Kali Linux Modify the snort.conf file and configure Snort. Create some Snort rules based on the...

In this lab, you will write a program to play a game of Sudoku with the user. The goal of the game is to fill in missing numbers in an 9x9 array. Each number in the set [1-9] must be found in every...

1. At the bottom of the project use-case documentation, add a signature page for all required manager signatures. Make sure the signature page looks and feels professional which should include the...

create a summery for the process in this lab below. SUMMARY: Embed narrative of 2+ paragraph (Min 500 Words) outlining the process for this project. Highlight any issue you may have. Module 1:...

For this Discussion Board, you will watch the following two TV clips and then, by going through the first three elements of fraud (you don't have to discuss injury), determine whether fraud occurred....

The long-term liabilities section of CPS Transportation's December 31, 2010, balance sheet included the following: a. A capital lease liability with 15 remaining lease payments of $10,000 each, due...

A large retailer obtains merchandise under the credit terms of 1 1 5 , net 4 5 , but routinely takes 6 0 days to p bills. ( Because the retailer is an important customer, suppliers allow the firm to...

Seved Help 14 Wisconsin Snowmobile Corp. is considering a switch to level production Cost efficiencies would occur under level production, and aftertax costs would decline by $31,500, but inventory...

LAST WORD Explain how civil wars, population growth, and public policy decisions have contributed to periodic famines in Africa.

KEY QUESTION If we compare the betas of various investment opportunities, why do the assets that have higher betas also have higher average expected rates of return?

LAST WORD Suppose that a tax cut involves two alternative schemes: ( a ) a $2 tax cut or tax rebate for each of the 10 people in the breakfast club, or ( b ) a tax savings for each of the 10 in...