Hi
I want to know if anyone has had a look at / has any experience with Suricata IDS (http://suricata-ids.org/ ; http://suricata-ids.org/features/all-features/ )? What do the ClearOS devs think about it compared to Snort? Would it be difficult to change ClearOS over from Snort to Suricata?
Regards
Responses (4)
Accepted Answer
Hi guys
Looks like Cisco are working on Snort 3 (https://www.snort.org/snort3). It looks like it will have features similar to Suricata. It's in alpha at the moment.
I also see that the latest version of Snort (v 2.9.7) has OpenAppID built in that can do application identification - see the release notes: https://www.snort.org/downloads/snort/release_notes_2.9.7.0.txt
Accepted Answer
Hi Nick
From what I've read about Suricata vs Snort, Suricata is multi-thread capable and it also uses an L7-filter type of protocol detection (one advantage Suricata has is its ability to understand level 7 of the OSI model, which enhances its ability to detect malware. Suricata has demonstrated that it is far more efficient than Snort at detecting malware, viruses and shellcodes). What is also nice is that Suricata can use Snort and ET rules.
It sounds quite interesting and I would like to know what the devs think of it.
Have a look at: http://www.aldeid.com/wiki/Suricata-vs-snort
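The two points made above, that Suricata loads Snort-format rules and that it identifies application protocols rather than relying on port numbers, can be seen in the rule header itself. The script below is an added example, not code from the thread or from ClearOS, Snort or Suricata. It parses the shared `action proto src sport -> dst dport (options)` rule syntax and flags headers that name an application-layer protocol (`alert http ...`), which Suricata accepts but a Snort 2.x engine, whose header only takes `ip`/`tcp`/`udp`/`icmp`, will not. The two sample rules, the sid values and the matched path are constructed for the example; the protocol lists are a partial, hand-picked set.

```python
import re
from dataclasses import dataclass

# Partial list of app-layer protocols Suricata accepts in the rule header
# (constructed for this example, not exhaustive).
SURICATA_APP_LAYER = {"http", "dns", "tls", "smtp", "ssh", "ftp", "smb", "dcerpc"}
# Snort 2.x rule headers only accept these transport/network protocols.
SNORT2_HEADER_PROTOS = {"ip", "tcp", "udp", "icmp"}

HEADER_RE = re.compile(
    r"^(?P<action>alert|drop|pass|reject|log)\s+(?P<proto>\S+)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    direction: str
    dst: str
    dport: str
    options: list  # list of (keyword, value or None) in rule order


def split_options(body):
    """Split 'k:v; k2; k3:"a;b";' into (key, value) pairs, honouring quotes."""
    opts, cur, in_quote, prev = [], [], False, ""
    for ch in body:
        if ch == '"' and prev != "\\":
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            tok = "".join(cur).strip()
            if tok:
                key, _, val = tok.partition(":")
                opts.append((key.strip(), val.strip() or None))
            cur = []
        else:
            cur.append(ch)
        prev = ch
    return opts


def parse_rule(text):
    """Parse one Snort/Suricata-format rule line into a Rule."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a Snort/Suricata rule: {text!r}")
    return Rule(m["action"], m["proto"].lower(), m["src"], m["sport"],
                m["dir"], m["dst"], m["dport"], split_options(m["opts"]))


def option(rule, key):
    """Return the value of the first option named key, or None."""
    for k, v in rule.options:
        if k == key:
            return v
    return None


def classify(rule):
    """'both' if Snort 2 and Suricata load it; 'app_layer' if only an
    app-layer-aware engine such as Suricata accepts the header."""
    if rule.proto in SURICATA_APP_LAYER:
        return "app_layer"
    if rule.proto in SNORT2_HEADER_PROTOS:
        return "both"
    return "unknown"


# Constructed sample rules: the same detection written the Snort 2 way
# (HTTP implied by a port variable) and the Suricata way (protocol in header).
SAMPLE_RULES = [
    'alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"EXAMPLE bad path"; '
    'flow:established,to_server; content:"/example-bad-path"; http_uri; sid:9000001; rev:1;)',
    'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE bad path"; '
    'flow:established,to_server; content:"/example-bad-path"; http_uri; sid:9000002; rev:1;)',
]


def compatibility_report(rule_texts=SAMPLE_RULES):
    """Map each rule's sid to the engine class its header requires."""
    return {option(r, "sid"): classify(r) for r in map(parse_rule, rule_texts)}


if __name__ == "__main__":
    for sid, cls in compatibility_report().items():
        print(f"sid {sid}: {cls}")
```

The second rule fires on HTTP regardless of the port the traffic uses, which is the practical consequence of the L7 detection described above; the first only inspects flows to `$HTTP_PORTS`. Everything after the header (`flow`, `content`, `http_uri`, `sid`) is identical, which is why Snort and ET rule sets load on Suricata with little or no change.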
Accepted Answer
It has been thought about but did not make the wish list. Any reason for wanting it? I read a comparison a while back and there seem to be pros and cons.