This is a guide to the basic startup for Suricata on pfSense. There are many in-depth settings that can be configured to best fit your individual needs, but for this guide I will only be going over the basics needed to start using Suricata. I wouldn't recommend installing this on any system lower than an SG-3100, as it can be very memory intensive.
I suggest monitoring the feed on the "Alerts" tab for at least a week to check for false positives before enabling blocking. If a false positive is found, click the red "x" to the right of the alert to force-disable the rule and remove it from the current ruleset.
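As an added example, not part of the original guide or of the pfSense Suricata package, the script below does offline what the week of watching the "Alerts" tab does by hand: it reads Suricata's EVE JSON alert records, tallies each rule by signature ID, and lists the rules that fired repeatedly from several distinct sources as candidates for a false-positive review. The sample records, the SIDs in the local 9000000 range and the rule names are constructed; the thresholds are arbitrary assumptions. Which rules are actually false positives is still a human decision.

```python
import json
import sys

# Constructed sample in Suricata eve.json format (one JSON object per line).
# The SIDs and rule names are placeholders, not real ruleset entries. One
# line is deliberately malformed and one is a non-alert event, to show that
# both are skipped.
SAMPLE_EVE = """\
{"timestamp":"2024-01-02T10:00:01.000000+0000","event_type":"alert","src_ip":"192.168.1.20","dest_ip":"203.0.113.5","proto":"TCP","alert":{"signature_id":9000001,"rev":1,"signature":"EXAMPLE rule A","category":"Example","severity":2}}
{"timestamp":"2024-01-02T10:00:05.000000+0000","event_type":"flow","src_ip":"192.168.1.20","dest_ip":"203.0.113.5","proto":"TCP"}
{"timestamp":"2024-01-02T10:01:00.000000+0000","event_type":"alert","src_ip":"192.168.1.21","dest_ip":"198.51.100.9","proto":"UDP","alert":{"signature_id":9000002,"rev":1,"signature":"EXAMPLE rule B","category":"Example","severity":3}}
this line is not JSON and must be skipped
{"timestamp":"2024-01-02T10:01:30.000000+0000","event_type":"alert","src_ip":"192.168.1.22","dest_ip":"198.51.100.9","proto":"UDP","alert":{"signature_id":9000002,"rev":1,"signature":"EXAMPLE rule B","category":"Example","severity":3}}
{"timestamp":"2024-01-02T10:02:00.000000+0000","event_type":"alert","src_ip":"192.168.1.23","dest_ip":"198.51.100.9","proto":"UDP","alert":{"signature_id":9000002,"rev":1,"signature":"EXAMPLE rule B","category":"Example","severity":3}}
"""


def parse_alerts(eve_text):
    """Yield only event_type == "alert" records; skip blank, malformed and non-alert lines."""
    for line in eve_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("event_type") == "alert" and isinstance(rec.get("alert"), dict):
            yield rec


def summarize(alerts):
    """Tally alerts per signature ID: count, distinct sources/destinations, first and last seen."""
    summary = {}
    for rec in alerts:
        sid = rec["alert"]["signature_id"]
        ts = rec.get("timestamp", "")
        entry = summary.setdefault(sid, {
            "signature": rec["alert"].get("signature", ""),
            "count": 0,
            "src_ips": set(),
            "dest_ips": set(),
            "first_seen": ts,
            "last_seen": ts,
        })
        entry["count"] += 1
        entry["src_ips"].add(rec.get("src_ip"))
        entry["dest_ips"].add(rec.get("dest_ip"))
        # Timestamps share a format and zone, so lexical min/max is chronological.
        entry["first_seen"] = min(entry["first_seen"], ts)
        entry["last_seen"] = max(entry["last_seen"], ts)
    return summary


def review_candidates(summary, min_count=3, min_sources=2):
    """SIDs that fired at least min_count times from at least min_sources distinct
    sources. Broad, noisy rules tend to look like this; these are candidates for a
    person to review, not rules to disable automatically. Thresholds are assumptions."""
    return sorted(
        sid for sid, s in summary.items()
        if s["count"] >= min_count and len(s["src_ips"]) >= min_sources
    )


def disable_conf_lines(sids):
    """Render SIDs one per line, the form suricata-update's disable.conf accepts,
    for rules you have confirmed as false positives."""
    return [str(sid) for sid in sorted(sids)]


def report(eve_text):
    summary = summarize(parse_alerts(eve_text))
    for sid, s in sorted(summary.items(), key=lambda kv: -kv[1]["count"]):
        print(f"sid {sid}  count={s['count']}  sources={len(s['src_ips'])}  "
              f"dests={len(s['dest_ips'])}  {s['first_seen']} .. {s['last_seen']}  {s['signature']}")
    cands = review_candidates(summary)
    print("review candidates:", cands)
    return summary


if __name__ == "__main__":
    # Pass "-" to read a real eve.json from stdin; otherwise the constructed sample runs.
    text = sys.stdin.read() if len(sys.argv) > 1 and sys.argv[1] == "-" else SAMPLE_EVE
    report(text)
```

To use it against your own install, enable EVE JSON output on the interface in the Suricata package and feed the resulting eve.json to the script on stdin (`python3 triage.py - < eve.json`; the exact log path varies per interface, so check it in the interface's logging settings). Disable a rule only after confirming the alert is benign, whether through the red "x" on the Alerts tab as the guide describes or through a disable.conf entry; the script's candidate list is a starting point for that review, not a verdict.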