Set IDS Settings

  1. When the Hosts verification check passes, you will move to the IDS settings page. First, select the NIC port(s) for the IDS to monitor.


Note

In case you are deploying to hosts with asymmetrical NIC interface alignment/setup/naming, IDSTower will give you the option to choose which NIC interface to monitor per host.

  1. Next, set your company/network IP ranges, one per line, in CIDR format (e.g. 10.0.0.0/8). This will help your IDS perform better and will give your rules better context, which can reduce false positives.


Note

This option sets the HOME_NET variable in the Suricata IDS configuration file, suricata.yaml.
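The ranges entered in the step above can be checked before they are pasted into the form. The following is an added example, not IDSTower's own code: it validates one-CIDR-per-line input, merges overlapping ranges, and prints the value as it would appear under Suricata's standard `vars: address-groups:` layout. The function names and the sample input are constructed for illustration, and how IDSTower itself formats the value is an assumption.

```python
import ipaddress

# Constructed sample of text typed into the IP ranges box, one entry per line.
SAMPLE_INPUT = """10.0.0.0/8
192.168.1.10/24
172.16.0.0/12
10.20.0.0/16
0.0.0.0/0
not-a-range
"""

def build_home_net(text):
    """Return (home_net_value, problems) for one-CIDR-per-line input."""
    nets, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            try:
                # Parses only when host bits are ignored, e.g. 192.168.1.10/24.
                fixed = ipaddress.ip_network(entry, strict=False)
                problems.append(f"line {lineno}: {entry} has host bits set, did you mean {fixed}?")
            except ValueError:
                problems.append(f"line {lineno}: {entry!r} is not valid CIDR")
            continue
        if net.prefixlen == 0:
            # A catch-all range leaves rules no inside/outside distinction.
            problems.append(f"line {lineno}: {entry} covers every address")
            continue
        nets.append(net)
    merged = []
    for version in (4, 6):  # collapse_addresses rejects mixed IPv4/IPv6 input
        merged += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return "[" + ",".join(str(n) for n in merged) + "]", problems

def suricata_fragment(value):
    """Render the value in suricata.yaml's standard address-groups layout."""
    return f'vars:\n  address-groups:\n    HOME_NET: "{value}"\n'

if __name__ == "__main__":
    home_net, issues = build_home_net(SAMPLE_INPUT)
    print(suricata_fragment(home_net))
    for issue in issues:
        print("WARNING:", issue)
```
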

  1. Next, click Next to move to the settings review page and make sure everything checks out, then click “Deploy”. IDSTower will start deploying the required services and configuring them on the Target Hosts. This could take a while, depending on network bandwidth, Internet speed, Target Hosts speed, etc.


  1. Finally, once the installation and configuration are done, the new Cluster will be added to IDSTower.

  1. Next, we will start the IDS service.