Table of Contents

PFSense - Suricata - Install Suricata

There are multiple parts to this:

  1. Install the Suricata Package
  2. Configure Global Settings
  3. Create Suppress Lists
  4. Have Suricata Monitor the WAN Interface
  5. Have Suricata Monitor the LAN Interface

Created a suppress list

To suppress certain snort and ET signatures since initially there a bunch of False Positives.

This is accomplished under Services → Suricata → Suppress.

NOTE: This shows a suppresslist named WANSuppressList.

In order for this specific list to be used:

  • Navigate to Services → Suricata → Interfaces.
  • Edit the specific interface; in this example WAN.
  • Within WAN Settings, go to Alert Suppression and Filtering and select this suppresslist.
  • Click Save.

Rule categories

Choose what rule categories to enable:

Navigate to Services → Suricata → Interfaces → WAN Categories.