Feature #4242: config: support predefined default configuration profiles - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #4242

open

config: support predefined default configuration profiles

Added by Victor Julien almost 5 years ago. Updated over 1 year ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Effort:

Difficulty:

Label:

Description

The idea is that Suricata can run in various scenarios: a pure IDS engine (alert generator), NSM (all logs), IPS. Each have their own set of recommended config settings. This ticket is about adding explicit profiles:
E.g. --profile=ids or --profile=nsm.

WIP

Feature	IDS	NSM	IPS	Notes
stream midstream	disabled	enabled	disabled
stream async	disabled	enabled	disabled
stream depth	1mb	unlimited	??	IDS rules are generally written with a limit in mind
stream events	enabled	disabled?	enabled	Noisy
eve protocol logging	only in alerts	enabled	only in alerts	eve protocol logging is expensive

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #4242

config: support predefined default configuration profiles

Updated by Jason Ish almost 5 years ago

Updated by Philippe Antoine over 1 year ago