Netgate Discussion Forum

    What is the difference between Suricata and Snort?

    pfSense Packages
      firefox

      I understand that they are both IDS/IPS daemons.
      What is the difference between them?

        bmeeks

        @firefox:

        I understand that they are both IDS/IPS daemons.
        What is the difference between them?

        Nothing really except two different vendors.  Snort is an open-source version of the IDS engine used by Sourcefire.  Suricata is a totally open-source effort partially funded by the U.S. Government and some private companies.  Well, technically Suricata is funded by the Open Information Security Foundation, but they get funding from the U.S. Department of Homeland Security and others.  Here is a link describing Suricata:  https://www.openinfosecfoundation.org/index.php/download-suricata.  Suricata is multi-threaded and should theoretically scale better in very high throughput networks.  However, extensive testing by the Snort guys and some independents shows there really is not much difference in the packet throughput in real-world networks between Snort and Suricata.

        In the end it comes down to personal preference.  Currently Suricata captures and logs a little bit more "context" around alerts, but Snort is catching up in this area.

        Bill

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.