Suricata OpenAppID like Snort possible?

  • Is OpenAppID, like in Snort, also available in Suricata?
    We use Snort at the moment, but Suricata has some nice features...

  • Install a test VM with pfSense and try Suricata; there was no option for OpenAppID.

  • No, OpenAppID is a Snort-only feature. It was invented by Sourcefire, which was later absorbed in 2013 into Cisco along with Snort. Cisco eventually open-sourced some of the OpenAppID stuff and included it in Snort. To date, the Suricata upstream development team has shown no interest in porting something similar into Suricata. If they ever do that, then it will be included in the pfSense Suricata package.
