The thought crossed my mind again about setting up more network monitoring and configuring Suricata as an IPS, as I have more and more devices on my network. I stopped a while back because some devices on my network are unable to set a proxy or trust an SSL certificate.
Is anyone running Suricata in IPS mode? I would imagine that if you are, you're probably also running other tools like Zeek and some sort of SIEM, maybe Graylog or ELK? Is this all on a home network? What sort of malicious traffic gets prevented?
I'm interested in both the practical and the theoretical applications, but perhaps the practical is easier to understand. What can Suricata really help with in a home environment?
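One concrete way to see what an IPS deployment is actually stopping is to read Suricata's EVE JSON output rather than the console: in IPS mode each alert record carries an `alert.action` of `blocked` (the packet was dropped by a `drop` rule) or `allowed` (the rule was `alert`-only, so the traffic passed but was logged). The script below is an added example, not code from the original post or from the Suricata project; it assumes the standard `eve.json` field layout (`event_type`, `src_ip`, `alert.action`, `alert.signature`, `alert.severity`) and uses constructed sample lines with RFC 5737 documentation addresses and made-up local rule names.

```python
"""Summarize Suricata EVE JSON alerts by IPS action (added example, not from the post)."""
import json
from collections import Counter

# Constructed sample eve.json lines: two dropped alerts, one alert-only hit,
# one non-alert event and one malformed line, to exercise every branch.
SAMPLE_EVE_LINES = [
    json.dumps({"timestamp": "2024-01-01T12:00:00.000000+0000", "event_type": "alert",
                "src_ip": "192.0.2.10", "dest_ip": "198.51.100.5", "dest_port": 4444, "proto": "TCP",
                "alert": {"action": "blocked", "signature_id": 1000001, "rev": 1,
                          "signature": "LOCAL Example outbound beacon (constructed)",
                          "category": "Example", "severity": 1}}),
    json.dumps({"timestamp": "2024-01-01T12:00:05.000000+0000", "event_type": "alert",
                "src_ip": "192.0.2.10", "dest_ip": "198.51.100.5", "dest_port": 4444, "proto": "TCP",
                "alert": {"action": "blocked", "signature_id": 1000001, "rev": 1,
                          "signature": "LOCAL Example outbound beacon (constructed)",
                          "category": "Example", "severity": 1}}),
    json.dumps({"timestamp": "2024-01-01T12:01:00.000000+0000", "event_type": "alert",
                "src_ip": "192.0.2.20", "dest_ip": "198.51.100.9", "dest_port": 53, "proto": "UDP",
                "alert": {"action": "allowed", "signature_id": 1000002, "rev": 1,
                          "signature": "LOCAL Example DNS query to unusual resolver (constructed)",
                          "category": "Example", "severity": 3}}),
    json.dumps({"timestamp": "2024-01-01T12:02:00.000000+0000", "event_type": "flow",
                "src_ip": "192.0.2.20", "dest_ip": "198.51.100.9"}),
    "{this line is not valid json",
]


def parse_alerts(lines):
    """Yield alert events from EVE JSON lines, skipping other event types and junk.

    eve.json is one JSON object per line; a partially written last line is
    common on a live file, so a decode error is skipped rather than fatal.
    """
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if event.get("event_type") == "alert" and isinstance(event.get("alert"), dict):
            yield event


def summarize(lines):
    """Return counts by IPS action, the signatures that were blocked, and top sources."""
    alerts = list(parse_alerts(lines))
    by_action = Counter(a["alert"].get("action", "unknown") for a in alerts)
    blocked_signatures = Counter(
        a["alert"].get("signature", "?") for a in alerts if a["alert"].get("action") == "blocked"
    )
    # Which internal host triggered the most alerts: the first thing to look at
    # when deciding whether a rule is catching something real or just noise.
    top_sources = Counter(a.get("src_ip", "?") for a in alerts).most_common(3)
    return {
        "total_alerts": len(alerts),
        "by_action": dict(by_action),
        "blocked_signatures": dict(blocked_signatures),
        "top_sources": top_sources,
    }


def load_eve_file(path):
    """Read a real eve.json from disk (path is an assumption; adjust to your setup)."""
    with open(path, encoding="utf-8") as fh:
        return summarize(fh)


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_EVE_LINES), indent=2))
```

Run it against `/var/log/suricata/eve.json` via `load_eve_file` once Suricata is in IPS mode; a signature that shows up only under `allowed` is one you have not promoted from `alert` to `drop` yet, and a source IP that dominates `top_sources` is usually a noisy device worth a pass-list rather than evidence of compromise.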