This repo uses Terraform and Ansible to build and configure the overall infrastructure of a cyber range in which red teams carry out attacks and blue teams counter them with detections and mitigations.
"Wazuh integrates with a network-based intrusion detection system (NIDS) to enhance threat detection by monitoring network traffic. In this use case, we demonstrate how to integrate Suricata with Wazuh. Suricata can provide additional insights into your network's security with its network traffic inspection capabilities."
- [x] Install Suricata on the Ubuntu endpoint
- [x] Add the Suricata endpoint to Tailscale
- [x] Install curl
- [x] Install vim
- [x] Install net-tools
- [x] Install jq
- [x] Download and extract the Emerging Threats Suricata ruleset
- [x] Modify the Suricata settings in /etc/suricata/suricata.yaml and set the appropriate variables
- [x] Restart the Suricata service
- [x] Configure the Wazuh agent on the Suricata endpoint
- [x] Add the Suricata log collection settings to the Wazuh agent's /var/ossec/etc/ossec.conf file
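The two configuration edits in the checklist (the suricata.yaml variables and the Wazuh agent's ossec.conf entry), written as an added example rather than the repo's own Ansible code: idempotent shell functions that take file paths, exercised here against constructed sample files. The range subnet 10.0.0.0/24 and the default Suricata and Wazuh file locations are assumptions.

```shell
#!/bin/sh
# Added example, not the repo's Terraform/Ansible code: the two config edits from the
# checklist (HOME_NET in suricata.yaml, eve.json collection in the Wazuh agent's
# ossec.conf) as idempotent functions over file paths, exercised on constructed samples.
# Assumptions: range subnet 10.0.0.0/24; default Suricata and Wazuh file locations.
set -eu

# Point HOME_NET at the range subnet; only that line is rewritten.
set_home_net() {
  yaml="$1"; net="$2"
  sed "s|^\([[:space:]]*HOME_NET:\).*|\1 \"[$net]\"|" "$yaml" > "$yaml.tmp"
  mv "$yaml.tmp" "$yaml"
}

# Print the configured HOME_NET value, for verification.
get_home_net() {
  sed -n 's/^[[:space:]]*HOME_NET:[[:space:]]*//p' "$1"
}

# Insert the <localfile> block that ships eve.json to the manager as JSON.
# Skips the insert when that location is already collected, so re-runs are no-ops.
add_eve_localfile() {
  conf="$1"; eve="$2"
  if grep -q "<location>$eve</location>" "$conf"; then return 0; fi
  awk -v loc="$eve" '
    /<\/ossec_config>/ && !done {
      print "  <localfile>"
      print "    <log_format>json</log_format>"
      print "    <location>" loc "</location>"
      print "  </localfile>"
      done = 1
    }
    { print }' "$conf" > "$conf.tmp"
  mv "$conf.tmp" "$conf"
}

# Number of <localfile> entries pointing at a location (expect exactly 1).
count_eve_localfile() {
  grep -c "<location>$1</location>" "$2" || true
}

# Constructed stand-ins for the real files on the Suricata endpoint.
WORK=$(mktemp -d)
SURICATA_YAML="$WORK/suricata.yaml"; OSSEC_CONF="$WORK/ossec.conf"
printf 'vars:\n  address-groups:\n    HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"\n' > "$SURICATA_YAML"
printf '<ossec_config>\n  <client>\n    <server>\n      <address>MANAGER_IP</address>\n    </server>\n  </client>\n</ossec_config>\n' > "$OSSEC_CONF"

set_home_net "$SURICATA_YAML" 10.0.0.0/24
add_eve_localfile "$OSSEC_CONF" /var/log/suricata/eve.json
add_eve_localfile "$OSSEC_CONF" /var/log/suricata/eve.json   # second run: no duplicate
```

After the agent restarts, alerts written to eve.json arrive at the manager as JSON events, which is what the Wazuh Suricata rules decode.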
Tasks
Install and configure the Suricata IDS/IPS device according to Wazuh's "Network IDS integration" documentation.