angolo40 / mikrocata2selks

Mikrotik + Selks (Suricata) + Telegram + TZSP on Debian 12
GNU General Public License v3.0
51 stars, 12 forks

Using Mikrocata2 when mirroring ports on a switch #8

Closed Alexander-Lukyanets closed 5 months ago

Alexander-Lukyanets commented 5 months ago

Hello! Thank you very much for your efforts. Please tell me. My firewall is managed by MikroTik. SELKS is installed on Debian 11 listening to traffic on standard network ports (enp5s0, enp6s0). Traffic going to MikroTik is mirrored in parallel to SELKS using a smart switch. How can I use Mikrocata2 to manage my MikroTik firewall? I need to manage the MikroTik firewall only when Suricata rules are triggered. I would appreciate your help.

angolo40 commented 5 months ago

Hello,

To utilize Mikrocata2 for managing your MikroTik firewall based on Suricata rules, first, confirm that Suricata on SELKS monitors the interfaces (enp5s0, enp6s0) receiving the mirrored traffic. Once Suricata effectively logs alerts to eve.json, Mikrocata2 can be employed to manage the MikroTik firewall rules, bypassing the need for a TZSP interface setup due to your existing traffic mirroring arrangement.

Originally designed for integrating with traffic from a TZSP interface, Mikrocata2 can still be adapted to respond to Suricata's alerts based on your network setup.
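The adaptation described in the answer above, shown as an added example (written for this thread, not mikrocata2selks's own code): read Suricata's eve.json alerts, pick the external address involved, and turn each one into a RouterOS `/ip/firewall/address-list/add` API sentence with an expiring timeout. The sample eve.json lines are constructed, the home network `192.168.88.0/24`, the address-list name `Suricata` and the one-day timeout are assumptions, and the RouterOS API transport is left to whatever client the reader already uses; a dry-run sender records the sentences so the logic can be checked without a router. It goes slightly beyond the thread in also handling outbound alerts (source inside the home net) and internal-to-internal alerts, which a mirror-port setup will see just as a TZSP one does.

```python
"""Suricata eve.json alerts -> MikroTik address-list entries (added example).

Assumptions (not from the thread): home net 192.168.88.0/24, address-list name
"Suricata", 1d timeout, and a drop rule in /ip firewall filter that references
that list. The actual RouterOS API connection is supplied by the reader.
"""
import ipaddress
import json
from typing import Iterable, Iterator, List, Optional

HOME_NETS = [ipaddress.ip_network("192.168.88.0/24")]  # assumed LAN

# Constructed sample eve.json lines (not a real capture).
SAMPLE_EVE_LINES = [
    '{"timestamp":"2024-01-10T12:00:00.000000+0000","event_type":"alert",'
    '"src_ip":"203.0.113.45","dest_ip":"192.168.88.10","proto":"TCP",'
    '"alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root","severity":1}}',
    # a flow record: not an alert, must be ignored
    '{"timestamp":"2024-01-10T12:00:01.000000+0000","event_type":"flow",'
    '"src_ip":"192.168.88.10","dest_ip":"198.51.100.7","proto":"TCP"}',
    # outbound alert: our host is the source, so the destination is the external party
    '{"timestamp":"2024-01-10T12:00:02.000000+0000","event_type":"alert",'
    '"src_ip":"192.168.88.20","dest_ip":"198.51.100.7","proto":"UDP",'
    '"alert":{"signature_id":2000000,"signature":"Constructed outbound test signature","severity":2}}',
    # same attacker as the first alert: must not produce a second add
    '{"timestamp":"2024-01-10T12:00:03.000000+0000","event_type":"alert",'
    '"src_ip":"203.0.113.45","dest_ip":"192.168.88.11","proto":"TCP",'
    '"alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root","severity":1}}',
    # internal-to-internal, low severity: never block a LAN host from this
    '{"timestamp":"2024-01-10T12:00:04.000000+0000","event_type":"alert",'
    '"src_ip":"192.168.88.20","dest_ip":"192.168.88.1","proto":"TCP",'
    '"alert":{"signature_id":2000001,"signature":"Constructed internal-only signature","severity":3}}',
    "this line is not JSON and must be skipped",  # partial write while tailing
]


def parse_eve_alerts(lines: Iterable[str]) -> Iterator[dict]:
    """Yield only event_type == "alert" records; skip other EVE event types and malformed lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if event.get("event_type") == "alert":
            yield event


def offending_ip(alert: dict, home_nets=HOME_NETS) -> Optional[str]:
    """Return the external address of the alert: the source, unless the source is one of
    our hosts (outbound alert), then the destination. Both internal -> None."""
    src = ipaddress.ip_address(alert["src_ip"])
    dst = ipaddress.ip_address(alert["dest_ip"])
    src_home = any(src in n for n in home_nets)
    dst_home = any(dst in n for n in home_nets)
    if src_home and dst_home:
        return None
    return str(dst) if src_home else str(src)


def address_list_add_words(ip: str, alert: dict, list_name: str, timeout: str) -> List[str]:
    """RouterOS API sentence (command word plus =attribute=value words) for an address-list add.
    The timeout makes the entry dynamic, so it expires on its own."""
    sig = alert["alert"]
    return [
        "/ip/firewall/address-list/add",
        f"=list={list_name}",
        f"=address={ip}",
        f"=timeout={timeout}",
        f"=comment={sig['signature_id']} {sig['signature']}",
    ]


class DryRunRouter:
    """Stand-in for a RouterOS API connection: records sentences instead of sending them."""

    def __init__(self) -> None:
        self.sent: List[List[str]] = []

    def send(self, words: List[str]) -> None:
        self.sent.append(words)


def process_alerts(lines, router, home_nets=HOME_NETS, whitelist=frozenset(),
                   list_name="Suricata", timeout="1d", max_severity=2) -> List[str]:
    """Send one add per distinct external IP (Suricata severity 1 is most severe;
    alerts above max_severity are ignored). Returns the IPs added, in order."""
    blocked: List[str] = []
    for alert in parse_eve_alerts(lines):
        if alert["alert"].get("severity", 3) > max_severity:
            continue
        ip = offending_ip(alert, home_nets)
        if ip is None or ip in whitelist or ip in blocked:
            continue
        router.send(address_list_add_words(ip, alert, list_name, timeout))
        blocked.append(ip)
    return blocked


def run_example(whitelist=frozenset()):
    """Run the constructed sample through a dry-run router; returns (blocked_ips, sentences)."""
    router = DryRunRouter()
    blocked = process_alerts(SAMPLE_EVE_LINES, router, whitelist=whitelist)
    return blocked, router.sent


if __name__ == "__main__":
    for words in run_example()[1]:
        print(" ".join(words))
```

In production the script would follow eve.json as Suricata appends to it (reopening after log rotation) and hand each sentence to a real RouterOS API session; the address list only has an effect once a filter rule on the MikroTik drops traffic whose source is in that list. Keeping DNS resolvers, monitoring hosts and the like in the whitelist avoids a noisy signature locking out infrastructure, and a short timeout keeps a false positive from becoming a permanent block.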

Alexander-Lukyanets commented 5 months ago

Hello! Thank you very much for your answer. I'll try to configure Mikrocata2.

angolo40 commented 5 months ago

U are welcome :)