Guardian and Suricata

Hi all -

Maybe someone can shed some light here… I’m wondering (or even confused) if Guardian is still useful in co-existence with Suricata. Is Guardian actually doing anything that’s not done by Suricata? Right now there are two menus to add IP addresses to block-, white- or ignore lists: in Guardian and in Suricata. I’d like to keep my firewall simple, so is there still a point in having those two services running in parallel on one host?

Thanks for any clarification!

Yes, Guardian parses the secure shell logs to detect and block SSH brute-force attacks.
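
Added example, not part of the original reply and not Guardian's own code: a sketch of the kind of log-based detection described above, counting failed sshd password attempts per source address in a sliding window and honouring an ignore list. The threshold, window, ignore set, function name and log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches sshd "Failed password" lines in classic syslog format.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[0-9a-fA-F.:]+)"
)

# Constructed sample log (documentation address ranges only).
SAMPLE_LOG = """\
Mar 12 10:00:01 fw sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar 12 10:00:04 fw sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar 12 10:00:09 fw sshd[1203]: Accepted publickey for alice from 192.0.2.10 port 51000 ssh2
Mar 12 10:00:15 fw sshd[1204]: Failed password for root from 203.0.113.7 port 40130 ssh2
Mar 12 10:00:20 fw sshd[1205]: Failed password for bob from 198.51.100.4 port 42000 ssh2
Mar 12 10:05:20 fw sshd[1206]: Failed password for bob from 198.51.100.4 port 42001 ssh2
Mar 12 10:10:20 fw sshd[1207]: Failed password for bob from 198.51.100.4 port 42002 ssh2
"""

def find_offenders(lines, threshold=3, window=timedelta(seconds=60),
                   ignore=frozenset(), year=2024):
    """Return source IPs with >= threshold failures inside the sliding window.

    threshold, window and year are assumed values; syslog lines carry no year.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    offenders = []
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] in ignore:   # ignore-listed hosts are never counted
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:        # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and m["ip"] not in offenders:
            offenders.append(m["ip"])    # candidate for a firewall block
    return offenders

if __name__ == "__main__":
    for ip in find_offenders(SAMPLE_LOG.splitlines()):
        print("would block", ip)
```

The slow, spread-out failures from 198.51.100.4 stay under the threshold with a 60-second window, which shows how the window size trades missed low-rate guessing against blocking users who mistype a password a few times.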