This repository has been archived by the owner on Apr 16, 2021. It is now read-only.
doug edited this page Aug 27, 2019 · 16 revisions

Please note! This wiki is no longer maintained. Our documentation has moved to https://securityonion.net/docs/. Please update your bookmarks. You can find the latest version of this page at: https://securityonion.net/docs/NIDS.

Description

NIDS stands for Network Intrusion Detection System. It is a means of monitoring network traffic, looking for specific activity, and generating alerts.

Usage

Security Onion can run either Snort or Suricata as its Network Intrusion Detection System (NIDS). When you run Setup and choose Evaluation Mode, it will automatically default to Snort. If you choose Production Mode, you will be asked to choose whether you want to run Snort or Suricata.

Performance

In Security Onion, we compile both Snort and Suricata with PF_RING for higher performance.

Analysis

You can analyze NIDS alerts from Snort/Suricata via:

More Information

For more information about Snort, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Snort

For more information about Suricata, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Suricata
