Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Suricata OpenAppID like Snort possible?

    Scheduled Pinned Locked Moved IDS/IPS
    3 Posts 2 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      slu
      last edited by

      Is there also OpenAppID like Snort in Suricata available?
      We use Snort at the moment, but Suricata has some nice features...

      pfSense Gold subscription

      1 Reply Last reply Reply Quote 0
      • S
        slu
        last edited by

        Install a test vm with pfSense and try Suricata, there was no option for OpenAppID.

        pfSense Gold subscription

        1 Reply Last reply Reply Quote 0
        • bmeeksB
          bmeeks
          last edited by bmeeks

          No, OpenAppID is a Snort-only feature. It was invented by Sourcefire which was later absorbed in 2013 into Cisco along with Snort . Cisco eventually open-sourced some of the OpenAppID stuff and included it in Snort. To date, the Suricata upstream development team has shown no interest in porting something similar into Suricata. If they ever do that, then it will be included in the pfSense Suricata package.

          1 Reply Last reply Reply Quote 2
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.