This thread is about all things snort, suricata, IPS, or IDS.
Just started using suricata and why is it so much better than snort?
any other anons out there use an ids at home?
>>60787912
use snort at work, at home feels like overkill unless you have a pet project going on
combine with a netflow tool for full visibility. I never got into IPFIX though
>>60787912
You really should be comparing to Sourcefire Firepower rather than Snort.
>>60787912
since suricata was built because of snort shortcomings, did snort ever get SMP support?
>>60788151
I'm not sure it does.
suricata literally just built on top of snort and that was a feature they added
>>60788151
>SMP
As in multithreading? If so Firepower has it
>>60788232
Looks neat but when I read "acquired by Cisco for $2.7 billion" I have to ask what's licensing like?
Smartnet is brutal enough until a business is established.
>>60788336
It's pretty much all hardware packages. They have a virtual appliance I've been meaning to try out since it's not like I need 90Gbps of inspection throughput. Not entirely related but so far the ASA 1000v appliance seems like it can be set up for ~6 months on an invalid license before it shits itself and needs to be reinstalled. Since it just uses a config file like most Cisco stuff it's not like it is time consuming to set up again.
>>60788151
snort 3.0 says it does multiple threads, but it's still alpha software. suricata is great, but bro seems to be the best thing out there. the only problem is the learning curve and complicated config files/rules.