Integration of External Suricata Instance with Security Onion #12076
Dear Community, I'm a newcomer to Security Onion, and in our company, we already have a configured Suricata instance. I'm exploring the possibility of integrating our existing Suricata setup with Security Onion for enhanced network security monitoring. Are there recommended practices or step-by-step guides available for incorporating an external Suricata instance into Security Onion? Any insights or guidance would be highly appreciated. Thank you!
Replies: 1 comment
You may be able to make this work, but we don't really recommend or support it. Instead, we recommend that you use a Security Onion node, as this will be MUCH easier and fully integrated with the rest of your Security Onion deployment. In addition, this will give you not only Suricata but also Zeek and full packet capture as well (you could disable those if you really don't need them).