Open majst01 opened 4 years ago
Simple consuming of IDS Stats is implemented in the new firewall-controller: https://github.com/metal-stack/firewall-controller/commit/879ea047855b6c8eb6f06f93463badf1f1f96c92
This will show up like:

```
k describe networkids
Name:         networkids-sample
Namespace:    default
API Version:  firewall.metal-stack.io/v1
Kind:         NetworkIDS
Spec:
  Enabled:   true
  Interval:  10
  Statslog:  /var/log/suricata/stats.log
Status:
  ID Sstatistics:
    Stats:
      capture.errors:          0
      capture.kernel_drops:    0
      capture.kernel_packets:  2
      decoder.bytes:           432
      decoder.pkts:            2
  Last Run:  2020-04-24T09:20:38Z
Events:      <none>
```
This can probably be exposed by default to all customers, even if they did not pay for IDS, to have a peek preview of what they can expect once paying.
@mwindower @chbmuc
In order to be able to report IDS events we need to install an open source IDS system in the firewall image. We already decided to choose https://suricata-ids.org/. This IDS will always be installed and will listen on all external interfaces. Configuration will be done by:
A mechanism to update IDS patterns must be enabled to run on a regular basis.
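
For the stats consumption discussed in this thread, here is one way to read the newest counter dump from a Suricata `stats.log` into the kind of map shown under `Stats`. This is an added example, not code from firewall-controller; the function name `parseLatestStats` is hypothetical and the embedded log is constructed sample input in Suricata's plain-text stats layout.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample in Suricata's stats.log layout: two dumps, newest last.
const sampleStatsLog = `----------------------------------------
Date: 4/24/2020 -- 09:20:28 (uptime: 0d, 00h 00m 08s)
----------------------------------------
Counter                  | TM Name | Value
----------------------------------------
capture.kernel_packets   | Total   | 1
----------------------------------------
Date: 4/24/2020 -- 09:20:38 (uptime: 0d, 00h 00m 18s)
----------------------------------------
Counter                  | TM Name | Value
----------------------------------------
capture.kernel_packets   | Total   | 2
decoder.pkts             | Total   | 2
decoder.bytes            | Total   | 432
capture.kernel_pac`

// parseLatestStats returns the "Total" counters of the newest dump in the log.
func parseLatestStats(log string) map[string]int64 {
	stats := map[string]int64{}
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		if strings.HasPrefix(sc.Text(), "Date:") {
			stats = map[string]int64{} // newer dump begins, discard the older one
			continue
		}
		cols := strings.Split(sc.Text(), "|")
		if len(cols) != 3 || strings.TrimSpace(cols[1]) != "Total" {
			continue // separator, header row, per-thread row or truncated write
		}
		if v, err := strconv.ParseInt(strings.TrimSpace(cols[2]), 10, 64); err == nil {
			stats[strings.TrimSpace(cols[0])] = v
		}
	}
	return stats
}

func main() {
	fmt.Println(parseLatestStats(sampleStatsLog))
}
```

The last sample line is cut off on purpose: Suricata appends to the file while it is being read, so a half-written row has to be skipped rather than reported as a counter.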