Very interesting and useful video.
The one thing that frustrates me about Suricata is the false positives about "Generic Protocol Command Decode"; they are very annoying.
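One defender-side way to deal with the noise the comment above describes is to measure which signatures in that category are actually firing before touching anything, and then write narrowly scoped `threshold.config` entries for just those signatures instead of disabling the whole category. The script below is an added example, not code from the commenter or from the video; the eve.json records are constructed, and the signature ids (9900001 and so on) and signature names are placeholders, not real Suricata rule ids. The `suppress` and `threshold` line syntax is Suricata's own threshold.config format.

```python
import json
from collections import Counter

# Category string that Suricata assigns to classtype protocol-command-decode.
CATEGORY = "Generic Protocol Command Decode"

# Constructed sample of eve.json output (not from any real deployment).
# Signature ids and names are placeholders; one non-alert event and one
# malformed line are included to show that the parser skips them.
SAMPLE_EVE = """\
{"timestamp":"2024-01-01T10:00:01.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"93.184.216.34","proto":"TCP","alert":{"gid":1,"signature_id":9900001,"rev":1,"signature":"EXAMPLE HTTP response decode event","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2024-01-01T10:00:02.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"93.184.216.34","proto":"TCP","alert":{"gid":1,"signature_id":9900001,"rev":1,"signature":"EXAMPLE HTTP response decode event","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2024-01-01T10:00:03.000000+0000","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"93.184.216.34","proto":"TCP","alert":{"gid":1,"signature_id":9900001,"rev":1,"signature":"EXAMPLE HTTP response decode event","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2024-01-01T10:00:04.000000+0000","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"93.184.216.34","proto":"TCP","alert":{"gid":1,"signature_id":9900001,"rev":1,"signature":"EXAMPLE HTTP response decode event","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2024-01-01T10:00:05.000000+0000","event_type":"alert","src_ip":"10.0.0.9","dest_ip":"198.51.100.20","proto":"TCP","alert":{"gid":1,"signature_id":9900002,"rev":1,"signature":"EXAMPLE TLS invalid record","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2024-01-01T10:00:06.000000+0000","event_type":"alert","src_ip":"10.0.0.9","dest_ip":"198.51.100.20","proto":"TCP","alert":{"gid":1,"signature_id":9900002,"rev":1,"signature":"EXAMPLE TLS invalid record","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2024-01-01T10:00:07.000000+0000","event_type":"alert","src_ip":"203.0.113.4","dest_ip":"10.0.0.5","proto":"TCP","alert":{"gid":1,"signature_id":9900009,"rev":1,"signature":"EXAMPLE privilege gain attempt","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2024-01-01T10:00:08.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"93.184.216.34","proto":"TCP"}
this line is not JSON and must be skipped
"""


def parse_alerts(text):
    """Yield (sid, signature, category, src_ip) for every alert record.

    Non-alert event types and lines that are not valid JSON are skipped so a
    partially written or rotated log does not abort the analysis."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("event_type") != "alert":
            continue
        alert = rec.get("alert", {})
        yield (alert.get("signature_id"), alert.get("signature"),
               alert.get("category"), rec.get("src_ip"))


def count_by_signature(text, category=CATEGORY):
    """Count alerts per (sid, signature) restricted to one category."""
    counts = Counter()
    for sid, sig, cat, _src in parse_alerts(text):
        if cat == category:
            counts[(sid, sig)] += 1
    return counts


def _noisy(counts, min_hits):
    # Most frequent first; only signatures at or above the cut-off.
    return [(k, n) for k, n in sorted(counts.items(), key=lambda kv: -kv[1])
            if n >= min_hits]


def suppress_rules(counts, min_hits=3, source_cidr=None):
    """threshold.config 'suppress' lines for the noisy signatures.

    With source_cidr the suppression only applies to alerts whose source is in
    that network (track by_src), which is safer than a global suppress."""
    lines = []
    for (sid, sig), n in _noisy(counts, min_hits):
        rule = f"suppress gen_id 1, sig_id {sid}"
        if source_cidr:
            rule += f", track by_src, ip {source_cidr}"
        lines.append(f"# {n} hits: {sig}")
        lines.append(rule)
    return lines


def rate_limit_rules(counts, min_hits=3, seconds=3600):
    """threshold.config 'threshold' lines: keep one alert per source per window
    instead of silencing the signature entirely."""
    lines = []
    for (sid, sig), n in _noisy(counts, min_hits):
        lines.append(f"# {n} hits: {sig}")
        lines.append(f"threshold gen_id 1, sig_id {sid}, type limit, "
                     f"track by_src, count 1, seconds {seconds}")
    return lines


if __name__ == "__main__":
    counts = count_by_signature(SAMPLE_EVE)
    for (sid, sig), n in counts.most_common():
        print(f"{n:4d}  {sid}  {sig}")
    print("\n".join(suppress_rules(counts, source_cidr="10.0.0.0/8")))
    print("\n".join(rate_limit_rules(counts)))
```

Run it against a real `eve.json` by replacing `SAMPLE_EVE` with the file contents; the printed count table tells you whether the noise comes from one or two decoder signatures (which can be scoped or rate-limited) or from genuinely broken traffic that is worth looking at on the endpoint.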
Tom, good work on pfSense, networking and security. Your videos have really helped us start-ups. After viewing the videos on how IDS/IPS works: in those instances where systems like Suricata cannot catch threats in packets of encrypted/secured traffic in the network, what can we do to mitigate that? Otherwise, what is the need of setting up Suricata and signing up for the premium rulesets, since nowadays all network traffic is secured, especially HTTPS traffic?
Is there a solution to this? Can someone help out? Thanks
The solution is to be more focused where you have visibility, which is at the endpoint.
Please, I'm trying to set up Suricata on pfSense in inline mode with a transparent bridge.
If I change to legacy mode, everything works fine and rules are matching.
But if I switch to inline mode, nothing is matching, but the traffic is still passing normally.
Use legacy mode, and here is a how-to on setting it up as a transparent bridge: https://youtu.be/1EXgyvwJZ6k