Feature #4242

open

config: support predefined default configuration profiles

Added by Victor Julien over 3 years ago. Updated 3 months ago.

Status: New
Priority: Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

The idea is that Suricata can run in various scenarios: a pure IDS engine (alert generator), NSM (all logs), IPS. Each has its own set of recommended config settings. This ticket is about adding explicit profiles, e.g. --profile=ids or --profile=nsm.

WIP
| Feature | IDS | NSM | IPS | Notes |
|---|---|---|---|---|
| stream midstream | disabled | enabled | disabled | |
| stream async | disabled | enabled | disabled | |
| stream depth | 1mb | unlimited | ?? | IDS rules are generally written with a limit in mind |
| stream events | enabled | disabled? | enabled | Noisy |
| eve protocol logging | only in alerts | enabled | only in alerts | eve protocol logging is expensive |