Suricata OpenAppID like Snort possible?
Is there also OpenAppID like Snort in Suricata available?
We use Snort at the moment, but Suricata has some nice features...
Install a test vm with pfSense and try Suricata, there was no option for OpenAppID.
bmeeks last edited by bmeeks
No, OpenAppID is a Snort-only feature. It was invented by Sourcefire which was later absorbed in 2013 into Cisco along with Snort . Cisco eventually open-sourced some of the OpenAppID stuff and included it in Snort. To date, the Suricata upstream development team has shown no interest in porting something similar into Suricata. If they ever do that, then it will be included in the pfSense Suricata package.