Project Objectives:

Build a simple Intrusion Detection system (IDS) on AWS using Suricata and VPC Traffic Mirroring.The aim was to simulate **malicious traffic from one EC2 instance (**victim) and **detect it on another instance (**monitor) using suricata.

Tools I used

• AWS VPC
• EC2 Instances (UBUNTU)
• Suricata (open-source NIDS)
• VPC Traffic Mirroring
• TCP Dump / Curl
• Security Groups, NACLs
• Mobaxterm (SSH)

PHASE 1: VPC and Network Architecture Setup

Step 1: Created a custom VPC

• VPC CIDR block : 10.0.0.0/16

Step 2: Created Subnets

• Public subnet: 10.0.1.0/24 (used for both EC2)

Step 3: Created an Internet Gateway

• Attached to the VPC