dotfiles/config/assets/suricata.yaml


%YAML 1.1
---
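vars:
  # Address groups referenced from rules as $NAME. EXTERNAL_NET is the
  # complement of HOME_NET; every server group except AIM_SERVERS is
  # pinned to the local /24.
  address-groups:
    HOME_NET: "[192.168.100.0/24]"
    EXTERNAL_NET: "!$HOME_NET"
    HTTP_SERVERS: "$HOME_NET"
    SMTP_SERVERS: "$HOME_NET"
    SQL_SERVERS: "$HOME_NET"
    DNS_SERVERS: "$HOME_NET"
    TELNET_SERVERS: "$HOME_NET"
    AIM_SERVERS: "$EXTERNAL_NET"
    DC_SERVERS: "$HOME_NET"
    DNP3_SERVER: "$HOME_NET"
    DNP3_CLIENT: "$HOME_NET"
    MODBUS_CLIENT: "$HOME_NET"
    MODBUS_SERVER: "$HOME_NET"
    ENIP_CLIENT: "$HOME_NET"
    ENIP_SERVER: "$HOME_NET"
  # Port groups. Every value is quoted so that generic YAML tooling
  # (linters, templating, ad-hoc scripts) sees a string rather than an
  # int, matching the entries that were already quoted; Suricata itself
  # reads both forms the same way.
  port-groups:
    # Rules written against $HTTP_PORTS only match port 80 here — confirm
    # no alternate HTTP ports (8080, 8000, ...) are in use on HOME_NET.
    HTTP_PORTS: "80"
    SHELLCODE_PORTS: "!80"
    ORACLE_PORTS: "1521"
    SSH_PORTS: "22"
    DNP3_PORTS: "20000"
    MODBUS_PORTS: "502"
    FILE_DATA_PORTS: "[$HTTP_PORTS,110,143]"
    FTP_PORTS: "21"
    GENEVE_PORTS: "6081"
    VXLAN_PORTS: "4789"
    TEREDO_PORTS: "3544"
    SIP_PORTS: "[5060, 5061]"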
# Log directory; the non-absolute output filenames further down
# (fast.log, eve.json, log.pcap, stats.log) are expected to resolve
# under it. pcap-log stores raw packet payloads, so this directory
# should be readable only by the logging user/group — TODO confirm
# ownership and mode on the host.
default-log-dir: /home/logging/logs
classification-file: /etc/suricata/classification.config
reference-config-file: /etc/suricata/reference.config
default-rule-path: /etc/suricata/rules
# A single merged rule file, looked up under default-rule-path.
rule-files:
  - suricata.rules
# Engine statistics collection; the stats output below writes them out.
stats:
  enabled: yes
# Packet acquisition via AF_PACKET on a single interface. Presumably a
# mirror/SPAN or tap port — confirm, since HOME_NET above only makes
# sense if this interface actually sees the 192.168.100.0/24 traffic.
af-packet:
  - interface: enp6s19
    use-mmap: yes
    tpacket-v3: yes
    # Flow-based load balancing across capture threads; the cluster-id
    # is expected to be unique per interface on this host.
    cluster-id: 99
    cluster-type: cluster_flow
    # IP defragmentation handled at the capture layer before packets
    # reach the detection engine.
    defrag: yes
outputs:
  # Plain-text alert log (one line per alert), appended across restarts.
  - fast:
      enabled: yes
      filename: fast.log
      append: yes
  # EVE JSON log: alerts plus protocol transaction records for the types
  # listed below. No size limit or rotation is configured for it, so
  # eve.json grows until rotated externally (e.g. logrotate followed by a
  # reload signal) — TODO confirm rotation is in place.
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve.json
      types:
        - alert:
            # Also log packets that a rule's tag keyword marks after an alert.
            tagged-packets: yes
        - http:
            extended: yes
        - http2
        - dns:
            enabled: yes
        - tls:
            extended: yes
        - flow
        - mqtt
        - ssh
        - dhcp:
            enabled: yes
        - arp:
            enabled: yes
        - ldap
        - quic
        - sip
        - rfb
        - snmp
        - bittorrent-dht
        - krb5
        - dcerpc
        - ike
        - tftp
        - smb
        - nfs
        - rdp
        - ftp
        - websocket
        - smtp
  # Full packet capture: at most 20 files of 1gb each, i.e. roughly 20 GB
  # on disk. These files hold raw payloads, including anything sent in
  # the clear — treat them as sensitive data and restrict access.
  - pcap-log:
      enabled: yes
      filename: log.pcap
      limit: 1gb
      max-files: 20
  # Engine counters written to a text file; aggregated totals only, no
  # per-thread breakdown.
  - stats:
      enabled: yes
      filename: stats.log
      append: yes
      totals: yes
      threads: no