====== IDS ======

  * snort
  * suricata
  * Suricata + extras: [[https://github.com/StamusNetworks/SELKS|SELKS]]

===== suricata =====

Suricata only logs alerts (by default to ''fast.log'' and ''eve.json'' under ''/var/log/suricata/''); it does not notify anyone by itself. A separate tool has to grep the logs and send the e-mails.

Example rule to catch rogue DHCP servers: any host other than the known DHCP servers answering from UDP port 67 to a client on port 68. ''$DHCP_SERVERS'' is not a built-in variable: it has to be defined under ''vars: address-groups:'' in ''suricata.yaml'', otherwise Suricata refuses to load the rule. Local rules conventionally get sids in the 1000000 range (the one below is valid, just unconventional).

<code>
alert udp !$DHCP_SERVERS 67 -> any 68 (msg:"detect rogue DHCP servers!"; sid:123456789;)

# commented-out variant: broadcast destination only, but any destination port
#alert udp !$DHCP_SERVERS 67 -> 255.255.255.255 any (msg: "detect rogue DHCP server!"; sid:1000001;)
</code>

===== SELKS =====

Three installation methods:
  * from source
  * docker image
  * Debian-based ISO distro
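Since Suricata stops at writing the alert, here is the missing "grep the logs and send an e-mail" piece as an added example (not from this wiki page nor from the Suricata project). It reads ''eve.json'' (one JSON object per line), keeps only ''event_type: alert'' records, optionally filters on signature ids such as the rogue-DHCP sid above, groups hits per signature and source host, and turns the result into an e-mail digest. The sample log lines are constructed to look like Suricata's eve output; the SMTP host, sender and recipient addresses, and the log path are assumptions passed in by the caller, not values from the page.

```python
"""Turn Suricata eve.json alerts into an e-mail digest.

Added example, not code from the original wiki page or from Suricata.
Assumptions (not on the page): eve.json alert logging is enabled at the
default path /var/log/suricata/eve.json, and the SMTP host plus sender /
recipient addresses are supplied by the caller.
"""
import json
import smtplib
from email.message import EmailMessage

# Constructed sample eve.json lines in the shape Suricata emits. Two alerts
# for the rogue-DHCP rule, one unrelated flow record, one corrupt line.
SAMPLE_EVE = """\
{"timestamp":"2024-01-10T08:15:02.123456+0000","event_type":"alert","src_ip":"192.168.1.250","src_port":67,"dest_ip":"255.255.255.255","dest_port":68,"proto":"UDP","alert":{"action":"allowed","signature_id":123456789,"rev":1,"signature":"detect rogue DHCP servers!","category":"","severity":3}}
{"timestamp":"2024-01-10T08:15:02.200000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","proto":"TCP"}
{"timestamp":"2024-01-10T08:15:09.000000+0000","event_type":"alert","src_ip":"192.168.1.250","src_port":67,"dest_ip":"255.255.255.255","dest_port":68,"proto":"UDP","alert":{"action":"allowed","signature_id":123456789,"rev":1,"signature":"detect rogue DHCP servers!","category":"","severity":3}}
not json at all
"""


def parse_alerts(lines, sids=None):
    """Yield alert events from eve.json lines.

    Non-alert event types and malformed lines (eve.json can contain a
    half-written last line while Suricata is running) are skipped. If
    `sids` is given, only alerts with those signature ids are kept.
    """
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if ev.get("event_type") != "alert":
            continue
        sid = ev.get("alert", {}).get("signature_id")
        if sids is not None and sid not in sids:
            continue
        yield ev


def summarize(alerts):
    """Group alerts by (sid, signature, src_ip): count, first/last seen, targets.

    Timestamps are compared as strings, which is correct because Suricata
    writes them in one fixed format with the same UTC offset per sensor.
    """
    groups = {}
    for ev in alerts:
        key = (ev["alert"]["signature_id"], ev["alert"]["signature"], ev["src_ip"])
        g = groups.setdefault(
            key, {"count": 0, "first": ev["timestamp"], "last": ev["timestamp"], "dests": set()}
        )
        g["count"] += 1
        g["first"] = min(g["first"], ev["timestamp"])
        g["last"] = max(g["last"], ev["timestamp"])
        g["dests"].add(f'{ev["dest_ip"]}:{ev["dest_port"]}')
    return groups


def build_message(groups, sender, recipient):
    """Build the digest as an EmailMessage; None when there is nothing to report."""
    if not groups:
        return None
    body = []
    for (sid, sig, src), g in sorted(groups.items()):
        body.append(
            f"sid {sid} '{sig}' from {src}: {g['count']} hit(s), "
            f"{g['first']} .. {g['last']}, to {', '.join(sorted(g['dests']))}"
        )
    total = sum(g["count"] for g in groups.values())
    msg = EmailMessage()
    msg["Subject"] = f"[suricata] {total} alert(s) in {len(groups)} group(s)"
    msg["From"] = sender
    msg["To"] = recipient
    msg.set_content("\n".join(body) + "\n")
    return msg


def notify(path, sender, recipient, smtp_host, sids=None):
    """Read eve.json at `path` and mail a digest; returns the number of alerts sent."""
    with open(path, encoding="utf-8") as fh:
        groups = summarize(parse_alerts(fh, sids))
    msg = build_message(groups, sender, recipient)
    if msg is None:
        return 0
    with smtplib.SMTP(smtp_host) as smtp:  # assumed relay, e.g. a local MTA on :25
        smtp.send_message(msg)
    return sum(g["count"] for g in groups.values())


if __name__ == "__main__":
    # Offline demo on the constructed sample: build the digest without sending it.
    demo = summarize(parse_alerts(SAMPLE_EVE.splitlines(), sids={123456789}))
    print(build_message(demo, "suricata@example.org", "soc@example.org"))
```

Run it from cron (or on a timer) against ''/var/log/suricata/eve.json'' with ''notify(...)''; on a live sensor you would also remember the last processed offset so the same alerts are not mailed twice, which this example leaves out. Filtering on the rogue-DHCP sid keeps the digest to the one rule you actually care about instead of everything the ruleset fires on.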