Suricata ... hey anybody out there?

Hey, is anybody here a dev for this amazing deep packet inspection tool? My hat’s off to you if so.

I was a Suricata user when I was running a Netgate pfSense firewall/router, and I just installed it from the website (suricata.io). I was in a hurry to get it up and running, otherwise I should have compiled from source.

Windows 11 is not an optimal platform for this software, it seems.

Anyway, the story is I am on an Ultra package with Cursor and also burned thru $100 worth of extra LLM cycles 10 days before my monthly renewal …

So I used Auto mode to install, configure and mess with Suricata for the past 24 hours, dealing with the latest heavy duty APT penetration on my machine … Wow, I could not believe it. It took like 24 hours, but I ended up with a whole new set of rules for DNS tunnelling, custom rules. I never thought I would write Suricata rules that easily, for myself, but I had a packet capture file to work from that has very damaging signatures for the perpetrators …

If these guys (Palantir/Microsoft et al.) want to mess with my project again, I am happy to send these brand new tunneling detection rules to the Russians.

So to everyone complaining about Auto mode in chat … it’s not optimal, but wow, I got a lot done system management wise, and broke new ground in deep packet inspection to solve the latest DNS tunnelling methodology.

Carry on complaining … sorry to interrupt

2 Likes

Enjoy everyone calling you a shill or an employee on a secret account or a kid or stupid, just because you put effort into trying Auto and realized it is not as bad as they think and is actually pretty good sometimes.

Luke someone crafted a user rule to force the Auto model to reveal itself, and it’s not always one of the shyte LLMs - it looks like you are getting served a higher priority on a Sonnet queue just because you came via Auto - I’ll link in the thread / post for you

Bruce

It’s a load balancing utility for Cursor, that’s why it’s free …

A Small Trick to Nudge the ‘Auto’ Model Toward Your Preference - Discussions - Cursor - Community Forum

Yea. I don’t know where people got the idea that Auto uses only the bad or cheap ones. I don’t think it uses Opus, but I haven’t found anything that actually requires the most expensive models. And even when Auto does pick something less powerful, it is probably going to pick something better when you ask it to fix it or it realizes its code doesn’t work.

Cute hobby you got there, I can see why Auto seems to cut it for you.

This is what Auto does for me:

And this is what Claude 4 does for me:

When you’re working on bigger projects, those little things become irritating. Auto doesn’t cut it for me.

2 Likes

I have a 100K lines of Python and SQL Financial Services back office project as my main thing, where I just limited out two days ago on Ultra and Usage … Cursor claims I received $1300 value for $300

Suricata was a one day side trip excursion - I’ve got several mini Cursor projects for server configurations, and other specialized software to keep my network Architecture under control as best I can - which sometimes obviously is not under my control at all.

I’m more than choked all I have in the budget is auto till I renew in a week

Get over yourself dude

Great man happy for you. Some of us have actual work to do. Good luck.