Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    suricata/snort/etpro rules - how to be?

    Scheduled Pinned Locked Moved IDS/IPS
    2 Posts 2 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      A Former User
      last edited by A Former User

      This post is deleted!
      bmeeksB 1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks @A Former User
        last edited by bmeeks

        @Shazams said in suricata/snort/etpro rules - how to be?:

        Hello!
        I use the latest version suricata. I would like to expand the set of rules.

        1. Snort has two subscription options: $ 30 and $ 400. What is the difference in the rules between two subscriptions?

        I have to give you the smart alec answer first ... LOL. The difference is $370 ... ☺ .
        Okay, now that I've had my fun for the day, the real answer is there is no difference. The Snort team just has a different rate structure for private (as in individuals) versus commercial (business) users. Read the fine print on their licensing site. If you are purchasing a Snort subscription for a business, you should pay the higher rate. A pricing structure such as this is not too uncommon. Microsoft had something similar for students versus other users for their Office products.

        @Shazams said in suricata/snort/etpro rules - how to be?:>

        1. Does it make sense to apply the rules from etpro, if I purchased a snort subscription.

        p.s. Normal user.

        Unless you are Jeff Bezos or Bill Gates and just flush with cash, I think you will find an ET-Pro subscription fairly expensive (as in $2369.99 per year). That is way too rich for my wallet as an individual user. So in my case, and it's the same for the majority of users here, I would choose Snort over ET-Pro. Nothing wrong with using Snort and the free ET-Open rules, though.

        If I were the firewall admin for a larger business, and I had the budget, I would opt for the ET-Pro rules and use them along with Snort. It can never hurt to have multiple eyes looking out for trouble, or in this case multiple signatures.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.