PFSense - Suricata - Install Suricata - Configure Global Settings
Enable Rule Download
Enter settings to download Snort and ET rules.
Navigate to Services → Suricata → Global Settings.
In Please Choose The Type Of Rules You Wish To Download:
- Install ETOpen Emerging Threats rules: Checked.
- Install ETPro Emerging Threats rules: Not Checked.
- ETPro Subscription Configuration Code: <blank>.
- Install Snort rules: Checked.
- Snort Rules Filename: snortrules-snapshot-29170.tar.gz.
- Snort Oinkmaster Code: Set this to your personal Oinkmaster Code obtained from your Snort account page.
- Install Snort GPLv2 Community rules: Checked.
- Hide Deprecated Rules Categories: Not Checked.
NOTE: Obtain the Oinkcode by logging in to Snort. Register a free account if needed.
Once logged in, click on your login email address, and go to the Oinkcode option. Generate a new code if needed.
In Rules Update Settings:
- Update Interval: 6 Hours.
- Update Start Time: 00:10 (the default).
- Live Rule Swap on Update: Checked.
- GeoLite2 DB Update: Checked.
- GeoLite2 DB License Key: Enter your personal MaxMind GeoLite2 DB key.
NOTE: Obtain the GeoLite key by logging in to MaxMind. Register a free account if needed.
Once logged in, click on Services → My License Key. Generate a new code if needed.
In General Settings:
- Remove Blocked Hosts Interval: 1 Hour.
- Log to System Log: Not Checked.
- Keep Suricata Settings After Deinstall: Checked.
Manually update the rules
Navigate to Services → Suricata → Updates.
Click Update.
Return to Install Suricata or continue to Create Suppress Lists.
pfsense/suricata/install_suricata/configure_global_settings.txt · Last modified: 2021/01/22 12:19 by peter