Published 3 years ago by Pro Tech Show

Network Intrusion Detection with Suricata

Network intrusion detection alerts you to suspicious traffic within your network that may indicate a security breach, policy violation, or insecure software. Suricata is a popular open-source network intrusion detection system (NIDS) that can also run as a network intrusion prevention system (NIPS) and is used in a number of commercial cybersecurity products. In detection mode it passively inspects a mirrored copy of the traffic and can only alert; blocking requires deploying it inline. In this video I'll show you how to install Suricata on Ubuntu or Rocky Linux*, perform basic configuration, and tweak the rulesets to successfully identify malicious activity whilst minimising false positive alerts.

*The Rocky Linux instructions also apply to AlmaLinux, Red Hat Enterprise Linux, Oracle Linux, and CentOS.

Links:
Follow-Up: Visualise Suricata Data 📽️
🌐 Suricata Website
📖 Suricata Documentation
🌐 GitHub

Video timestamps:
0:00 - Introduction
0:22 - Intrusion Detection Vs Intrusion Prevention
1:09 - Suricata Introduction
2:15 - Installing Suricata on Ubuntu & Rocky Linux
4:17 - Configuring Suricata
7:12 - Enabling Automatic Rule Updates
8:14 - Mirroring Network Traffic to Suricata
9:15 - Testing Suricata & Viewing Alerts
11:18 - Reducing False Positives: Disable Rules
13:48 - Reducing False Positives: Suppression Rules
15:51 - Managing Log File Rotation

The Pro Tech Show provides tech, tips, and advice for IT Pros and decision-makers.
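The sections on viewing alerts, disabling rules and writing suppression rules are where most of the tuning effort goes, so here is an added example of that triage step in code. It is not code from the video or from the Suricata project. The script reads Suricata's eve.json alert records, ranks signatures by hit count, and drafts two kinds of entry: a bare SID for suricata-update's disable.conf (the rule stops being loaded at all) and a `suppress gen_id ..., sig_id ..., track by_src, ip ...` line for the threshold file referenced from suricata.yaml (the rule stays active but is muted for one noisy source). The eve.json lines, the SIDs 9000001 and 9000002 with their signature names, the addresses, and the 5-hit / 90 % thresholds are constructed assumptions; SID 2100498 is the GPL ATTACK_RESPONSE rule that the usual `curl testmynids.org` check fires.

```python
"""Triage Suricata EVE alerts and draft rule-tuning entries.

Added example, not code from the video or from the Suricata project.
Reads eve.json alert records, ranks signatures by hit count, and drafts
lines for suricata-update's disable.conf (drop a rule entirely) and for
threshold.config (suppress a rule for one noisy source only).
"""
import json
import sys
from collections import Counter


def _alert(sid, signature, src, dest):
    """Build one constructed eve.json alert record in Suricata's shape."""
    return json.dumps({
        "timestamp": "2024-01-01T12:00:00.000000+0000",
        "event_type": "alert",
        "src_ip": src, "dest_ip": dest, "proto": "TCP",
        "alert": {"action": "allowed", "gid": 1, "signature_id": sid, "rev": 1,
                  "signature": signature, "category": "Example", "severity": 3},
    })


# Constructed sample: SIDs 9000001/9000002, their names and all addresses are
# placeholders. 2100498 is the GPL ATTACK_RESPONSE rule the testmynids check fires.
SAMPLE_EVE_LINES = (
    [_alert(9000001, "EXAMPLE POLICY internal monitoring probe", "10.0.0.20", "10.0.0.5")] * 9
    + [_alert(9000001, "EXAMPLE POLICY internal monitoring probe", "10.0.0.21", "10.0.0.5")]
    + [_alert(9000002, "EXAMPLE INFO generic DNS query", f"10.0.0.{i}", "10.0.0.53")
       for i in range(30, 36)]
    + [_alert(2100498, "GPL ATTACK_RESPONSE id check returned root", "203.0.113.10", "10.0.0.5")]
    + ['{"event_type": "flow", "src_ip": "10.0.0.20", "dest_ip": "10.0.0.5"}']  # not an alert
    + ['{"event_type": "alert", "src_ip": "10.0.0.1"']                           # truncated line
)


def parse_alerts(lines):
    """Yield one dict per alert record; skip non-alert events and unparsable lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # partially written line (e.g. during log rotation)
        if rec.get("event_type") != "alert" or "alert" not in rec:
            continue
        a = rec["alert"]
        yield {"sid": a.get("signature_id"), "gid": a.get("gid", 1),
               "signature": a.get("signature", ""),
               "src_ip": rec.get("src_ip"), "dest_ip": rec.get("dest_ip")}


def summarise(lines):
    """Aggregate alerts by SID: total hits and hits per source address."""
    summary = {}
    for a in parse_alerts(lines):
        s = summary.setdefault(a["sid"], {"gid": a["gid"], "signature": a["signature"],
                                          "count": 0, "by_src": Counter()})
        s["count"] += 1
        s["by_src"][a["src_ip"]] += 1
    return summary


def rank_signatures(summary):
    """Return [(sid, hits), ...] noisiest first, so the top of the list is what to tune."""
    return sorted(((sid, s["count"]) for sid, s in summary.items()),
                  key=lambda t: (-t[1], t[0]))


def draft_tuning(summary, noisy_threshold=5, single_source_ratio=0.9):
    """Draft (disable_conf_lines, threshold_config_lines).

    Heuristic (an assumption, tune to taste): a noisy signature that comes almost
    entirely from one source is suppressed for that source only, keeping the rule
    live for everyone else; a noisy signature spread across many sources is offered
    as a disable.conf candidate for a human to confirm as benign.
    """
    disable, suppress = [], []
    for sid, s in sorted(summary.items()):
        if s["count"] < noisy_threshold:
            continue
        top_src, top_hits = s["by_src"].most_common(1)[0]
        if top_hits / s["count"] >= single_source_ratio:
            suppress.append(f"# {s['signature']} ({top_hits}/{s['count']} hits from {top_src})")
            suppress.append(f"suppress gen_id {s['gid']}, sig_id {sid}, track by_src, ip {top_src}")
        else:
            disable.append(f"# {s['signature']} ({s['count']} hits from {len(s['by_src'])} sources)")
            disable.append(str(sid))
    return disable, suppress


def main(argv):
    if len(argv) > 1:
        with open(argv[1]) as fh:
            lines = fh.readlines()
    else:
        lines = SAMPLE_EVE_LINES
    summary = summarise(lines)
    for sid, count in rank_signatures(summary):
        print(f"{count:6d}  {sid}  {summary[sid]['signature']}")
    disable, suppress = draft_tuning(summary)
    print("\n# disable.conf candidates\n" + "\n".join(disable))
    print("\n# threshold.config candidates\n" + "\n".join(suppress))


if __name__ == "__main__":
    main(sys.argv)
```

Run it without arguments to see the constructed sample, or pass the path to a real eve.json. Treat the output as a draft: a disable.conf entry removes the rule for every host, so confirm the signature is genuinely benign in your environment before committing it, then re-run suricata-update and reload the ruleset; a suppression only hides hits from the named source, which is the right tool for a known scanner or monitoring host. The parser deliberately skips malformed lines rather than failing, because a live eve.json can contain a partially written record at the tail, especially around log rotation.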