{"id":5170,"date":"2022-02-19T00:49:29","date_gmt":"2022-02-19T03:49:29","guid":{"rendered":"https:\/\/blog.clusterweb.com.br\/?p=5170"},"modified":"2022-02-19T00:49:29","modified_gmt":"2022-02-19T03:49:29","slug":"pfsense-2-4-4-como-configurar-ids-ips-no-pfsense-usando-o-suricata","status":"publish","type":"post","link":"https:\/\/blog.clusterweb.com.br\/?p=5170","title":{"rendered":"pfsense 2.4.4 \u2013 How to configure IDS\/IPS on pfSense using Suricata"},"content":{"rendered":"<p>We put together a two-video demonstration showing how the optional Suricata package can be used to enable IPS\/IDS functionality on pfSense. In this video we cover the initial Suricata configuration and also discuss concepts such as the difference between the IPS operating modes (Legacy and Inline) and the option of configuring workers (threads). The goal of this video is to get Suricata working so that in the next video we can go deeper into detections and choose which alerts should actually have their associated packets dropped.<\/p>\n<p>&nbsp;<\/p>\n<div class=\"ast-oembed-container \" style=\"height: 100%;\"><iframe loading=\"lazy\" title=\"pfsense 2.4.4 \u2013 Como configurar IDS\/IPS no pfSense usando o Suricata (1\/2)\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/SobzXrDOnm8?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n<p><!--more--><\/p>\n<p>This is the second video on IDS\/IPS on pfSense using Suricata. In this video we go deeper into detections and talk a bit more about the difference between working with a block table (Legacy mode) and traffic drop\/reject (Inline mode), and about the options for changing the actions associated with rules, along with a proof of concept analyzing, in real time, the alerts and the traffic drops associated with detections.<\/p>\n<p>&nbsp;<\/p>\n<div class=\"ast-oembed-container \" style=\"height: 100%;\"><iframe loading=\"lazy\" title=\"pfsense 2.4.4 \u2013 Como configurar IDS\/IPS no pfSense usando o Suricata (2\/2)\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/vLG00tehrls?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n","protected":false},"excerpt":{"rendered":"<p>We put together a two-video demonstration showing how the optional Suricata package can be used to enable IPS\/IDS functionality on pfSense. In this video we cover the initial Suricata configuration and also discuss concepts such as the difference between the IPS operating modes (Legacy and Inline) and the option of configuring [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[1082,1,730,830,79,42,51,1550,495,85,271],"tags":[1564,378,731,1565,1335,361,698,1298,1566,513],"class_list":["post-5170","post","type-post","status-publish","format-standard","hentry","category-centos-7-rhel-7","category-viazap","category-clusterweb","category-debian","category-firewall","category-leitura-recomendada","category-linux-linuxrs","category-pfsense","category-profissional-de-ti","category-proxy","category-seguranca-2","tag-2-4-4","tag-como","tag-configurar","tag-ids","tag-ips","tag-no","tag-o","tag-pfsense","tag-suricata","tag-usando"],"_links":{"self":[{"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/posts\/5170","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5170"}],"version-history":[{"count":1,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/posts\/5170\/revisions"}],"predecessor-version":[{"id":5171,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/posts\/5170\/revisions\/5171"}],"wp:attachment":[{"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5170"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5170"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=%2Fwp%2Fv2%
2Ftags&post=5170"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}