suricata/snort/etpro rules - how to be?
@Shazams said in suricata/snort/etpro rules - how to be?:
Hello!
I use the latest version of Suricata. I would like to expand the set of rules.
- Snort has two subscription options: $30 and $400. What is the difference in the rules between the two subscriptions?
I have to give you the smart alec answer first ... LOL. The difference is $370 ... .
Okay, now that I've had my fun for the day, the real answer is there is no difference. The Snort team just has a different rate structure for private (as in individuals) versus commercial (business) users. Read the fine print on their licensing site. If you are purchasing a Snort subscription for a business, you should pay the higher rate. A pricing structure such as this is not too uncommon. Microsoft had something similar for students versus other users for their Office products.
@Shazams said in suricata/snort/etpro rules - how to be?:
- Does it make sense to apply the rules from etpro if I purchased a snort subscription?
p.s. Normal user.
Unless you are Jeff Bezos or Bill Gates and just flush with cash, I think you will find an ET-Pro subscription fairly expensive (as in $2369.99 per year). That is way too rich for my wallet as an individual user. So in my case, and it's the same for the majority of users here, I would choose Snort over ET-Pro. Nothing wrong with using Snort and the free ET-Open rules, though.
If I were the firewall admin for a larger business, and I had the budget, I would opt for the ET-Pro rules and use them along with Snort. It can never hurt to have multiple eyes looking out for trouble, or in this case multiple signatures.