====== PFSense - Suricata - Install Suricata ======

There are multiple parts to this:

  - [[PFSense:Suricata:Install Suricata:Install the Suricata Package|Install the Suricata Package]]
  - [[PFSense:Suricata:Install Suricata:Configure Global Settings|Configure Global Settings]]
  - [[PFSense:Suricata:Install Suricata:Create Suppress Lists|Create Suppress Lists]]
  - [[PFSense:Suricata:Install Suricata:Have Suricata Monitor the WAN Interface|Have Suricata Monitor the WAN Interface]]
  - [[PFSense:Suricata:Install Suricata:Have Suricata Monitor the LAN Interface|Have Suricata Monitor the LAN Interface]]


----


==== Created a suppress list ====

To suppress certain snort and ET signatures since initially there a bunch of False Positives.

This is accomplished under **Services -> Suricata -> Suppress**.

{{:pfsense:suricata:pfsense_-_services_-_suricata_-_suppress.png?800|}}

<WRAP info>
**NOTE:**  This shows a suppresslist named **WANSuppressList**.

In order for this specific list to be used:

  * Navigate to **Services -> Suricata -> Interfaces**.
  * Edit the specific interface; in this example WAN.
  * Within **WAN Settings**, go to **Alert Suppression and Filtering** and select this suppresslist.
  * Click **Save**.

</WRAP>


----

==== Rule categories ====

Choose what rule categories to enable:

Navigate to **Services -> Suricata -> Interfaces -> WAN Categories**.

----