suricata/snort/etpro rules - how to be?

A Former User

This post is deleted!

bmeeks

@Shazams said in suricata/snort/etpro rules - how to be?:

Hello!
I use the latest version suricata. I would like to expand the set of rules.

1. Snort has two subscription options: $ 30 and $ 400. What is the difference in the rules between two subscriptions?

I have to give you the smart alec answer first ... LOL. The difference is $370 ... .
Okay, now that I've had my fun for the day, the real answer is there is no difference. The Snort team just has a different rate structure for private (as in individuals) versus commercial (business) users. Read the fine print on their licensing site. If you are purchasing a Snort subscription for a business, you should pay the higher rate. A pricing structure such as this is not too uncommon. Microsoft had something similar for students versus other users for their Office products.

@Shazams said in suricata/snort/etpro rules - how to be?:>

2. Does it make sense to apply the rules from etpro, if I purchased a snort subscription.

p.s. Normal user.

Unless you are Jeff Bezos or Bill Gates and just flush with cash, I think you will find an ET-Pro subscription fairly expensive (as in $2369.99 per year). That is way too rich for my wallet as an individual user. So in my case, and it's the same for the majority of users here, I would choose Snort over ET-Pro. Nothing wrong with using Snort and the free ET-Open rules, though.

If I were the firewall admin for a larger business, and I had the budget, I would opt for the ET-Pro rules and use them along with Snort. It can never hurt to have multiple eyes looking out for trouble, or in this case multiple signatures.