Ahmet Numan Aytemiz, 7 February 2021


    1. Enable Emerging Threats Rules
    2. Test Rules

1. Enable Emerging Threats Rules

sudo apt-get install python-pip

sudo pip install --upgrade suricata-update

sudo suricata-update update-sources

sudo suricata-update list-sources

sudo suricata-update enable-source et/open

sudo suricata-update

sudo vim /etc/suricata/suricata.yaml

2. Test Rules

Start Suricata (-q 0 runs it inline on NFQUEUE queue 0)

sudo suricata -c /etc/suricata/suricata.yaml -q 0

Open Suricata Log File

sudo tail -f /var/log/suricata/fast.log

Attack from Kali using the Nmap user-agent tester script

nmap -p 80 10.0.0.100 --script=http-useragent-tester

Check Suricata Log to Detect this Illegal Scan Activity

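To make the log check above repeatable, the following added example (not part of the original post) counts the fast.log alerts raised by one source address, grouped by signature. The function names, the sample SIDs and messages, and the addresses 10.0.0.50 and 10.0.0.77 are constructed for illustration; only 10.0.0.100 and the log path come from this page.

```shell
#!/bin/sh
# Added example: summarise fast.log alerts triggered by one source address.

# Writes constructed sample lines in fast.log format to file $1.
# SIDs, messages and the source addresses are made up for this example.
write_sample_log() {
cat > "$1" <<'EOF'
02/07/2021-10:15:01.120001  [**] [1:9000001:1] SAMPLE Scripted User-Agent A [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.50:40112 -> 10.0.0.100:80
02/07/2021-10:15:01.340822  [**] [1:9000002:3] SAMPLE Scripted User-Agent B [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.50:40114 -> 10.0.0.100:80
02/07/2021-10:15:02.001377  [**] [1:9000001:1] SAMPLE Scripted User-Agent A [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.50:40120 -> 10.0.0.100:80
02/07/2021-10:16:40.553190  [**] [1:9000003:2] SAMPLE Unrelated Policy Event [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.0.0.77:51522 -> 10.0.0.100:80
EOF
}

# alerts_from SRC_IP [LOGFILE]
# Prints "count<TAB>sid<TAB>message" for each signature fired by SRC_IP,
# most frequent first. LOGFILE defaults to the path used in this page.
alerts_from() {
    src="$1"
    log="${2:-/var/log/suricata/fast.log}"
    awk -v src="$src" '
        # Alert lines end with: {PROTO} src:port -> dst:port
        NF >= 4 && $(NF-1) == "->" {
            ip = $(NF-2); sub(/:[0-9]+$/, "", ip)      # strip source port
            if (ip != src) next
            # Text between the two [**] markers: "[gid:sid:rev] message"
            i = index($0, "[**] "); rest = substr($0, i + 5)
            j = index(rest, " [**]"); sig = substr(rest, 1, j - 1)
            k = index(sig, "] ")
            split(substr(sig, 2, k - 2), id, ":")      # gid, sid, rev
            count[id[2] "\t" substr(sig, k + 2)]++
        }
        END { for (key in count) print count[key] "\t" key }
    ' "$log" | sort -t "$(printf '\t')" -k1,1nr -k2,2n
}

# Demo on the constructed sample. On the sensor, run instead:
#   sudo sh -c '. ./this_script.sh; alerts_from <scanner-ip>'
demo_log=$(mktemp) && write_sample_log "$demo_log"
alerts_from 10.0.0.50 "$demo_log"
rm -f "$demo_log"
```

If the summary is empty after the scan, confirm that the et/open ruleset was actually loaded and that traffic is reaching the NFQUEUE Suricata is attached to.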