Netgate Discussion Forum

Snort vs Suricata Lists

IDS/IPS
5 Posts 2 Posters 569 Views
  • D
    DefenderLLC
    last edited by DefenderLLC May 31, 2023, 6:53 PM May 31, 2023, 6:52 PM

    So are the suppression list formats the same if I go from Snort back to Suricata? I would assume so since the rulesets are the same (minus OpenAppID). I spent a lot of time fine tuning those and I'd hate to start over. Obviously I would need to remove any of the L7 stuff. Thanks.

    • D
      DefenderLLC
      last edited by May 31, 2023, 7:03 PM

      440a89cc-d806-48e9-a639-573016561d3a-image.jpeg

      • D
        DefenderLLC
        last edited by May 31, 2023, 7:03 PM

        Thank you, ChatGPT Plus. :)

        • D
          Dobby_ @DefenderLLC
          last edited by May 31, 2023, 9:03 PM

          @DefenderLLC said in Snort vs Suricata Lists:

          So are the suppression list formats the same if I go from Snort back to Suricata? I would assume so since the rulesets are the same (minus OpenAppID). I spent a lot of time fine tuning those and I'd hate to start over. Obviously I would need to remove any of the L7 stuff. Thanks.

          If it comes one day that Snort is no longer available for pfSense, you could also go another way. Set up a Raspberry Pi 4B 4GB/8GB as a sensor and another unit as a Snort server, done.

          You may be able to set up more sensors, let us say one on each LAN switch, and then they should be connected to the server to feed it.

          You may be able to enrich that scenario into something else as you want, such as:

          • IPS in front of your servers in the DMZ and/or LAN
          • IDS at the switches
          • OSSEC on any other PC/WS/server

          Or Snort for the DMZ and Snort for the LAN and OSSEC on any PC, workstation and the servers. You may be able to do it in pfSense and outside, as you want to go with it.

          #~. @Dobby

          Turris Omnia - 4 Ports - 2 GB RAM / TurrisOS 7 Release (Btrfs)
          PC Engines APU4D4 - 4 Ports - 4 GB RAM / pfSense CE 2.7.2 Release (ZFS)
          PC Engines APU6B4 - 4 Ports - 4 GB RAM / pfSense+ (Plus) 24.03_1 Release (ZFS)

          • D
            DefenderLLC @Dobby_
            last edited by May 31, 2023, 9:08 PM

            @Dobby_ Good idea. I do have two 8GB RP4B's just sitting around doing nothing. I was using those for Pi-hole before switching to pfBlockerNG.
