I finally got around to enabling Suricata on my router. Figured it would be a good idea since I finally have some useful traffic going through it now that I have a K8S cluster running behind it.


It's interesting seeing the alerts that it is giving. I need to tune the rules that are active, but honestly I don't really know how to choose which rules to enable, or what to do when there is an alert!

I mean, there are so many alerts at the moment. For example, I have A LOT of alerts for IPs with a poor reputation. Not really much to do in that case, so do I just disable the rule for poor-reputation IPs?

