Questions on IPFire on Suricata & OpenCTI

Today I was reading the release notes for IPFire 2.27 - Core Update 181 released and I noticed the following …

It comes with a large number of security updates in OpenSSL, Suricata, Apache & Samba as well as a number of kernel fixes.

So I started looking through the forums here and found a lot of items on Suricata.

My questions are these -

So is IPFire using Suricata for IPS? Is it built in, or what's the story?

If Suricata is in IPFire, can we get to the dashboard that Suricata provides? Shown here…

Suricata Dashboard

If so how?

Also, is OpenCTI available in IPFire?

I appreciate anyone's help on getting an understanding.

Thanks,
-SF-

Hi @shadowfire

Welcome to the IPFire community.

Yes.

See the wiki
https://wiki.ipfire.org/configuration/firewall/ips

No.

I don’t know if that was provided by Suricata or is the sort of data Suricata can provide to other packages.
Searching for dashboard in the current Suricata documentation finds no reference at all.

No.

This looks like the sort of thing that you would normally host on a dedicated server within the Firewall perimeter, rather than on the firewall itself and it then collects data from all the different client machines running in the network. To collect data from IPFire then someone would have to create the appropriate addon in IPFire to collect the required data and provide it to the central server.
See the wiki for how to create an addon
https://wiki.ipfire.org/devel/ipfire-2-x/addon-howto

2 Likes