Snort vs Suricata
-
In regards to the rules, I notice that the Pro version gets a lot more updates to current events, Trojans and Malware. Even after 30 days, I do not believe that all of these make it to the Free Version. (I could be wrong).
I would recommend the ET Pro version for any commercial site vs the ET Open. If they had a better pricing package for Home Use, I believe they would sell a lot more Subscriptions.
– ETPRO TROJAN Win32.Boaxxe Trojan Checkin (trojan.rules)
Yes, this is what I meant by my comment that ET-Open was more limited than ET-Pro. With the Snort VRT rules, after 30 days the rules in the free and paid are the same (well, except for new rules less than 30 days old that are in the paid set only). With Emerging Threats, as BBcan177 shows, I don't think this is the case. There are some rules from ET-Pro that may never make it into the ET-Open set.
And I also agree the Emerging Threats guys would pick up some extra sales if they offered a cheaper home version of ET-Pro.
Bill
-
Thanks for all of your responses! Out of curiosity, what packages do you personally use (Snort or Suricata) and what rulesets do you use (Snort VRT or ET)?
-
Thanks for all of your responses! Out of curiosity, what packages do you personally use (Snort or Suricata) and what rulesets do you use (Snort VRT or ET)?
Just because it is what I originally started with, I'm still using Snort on my home firewall. I have a paid VRT subscription (the $29.95/year version) and so use those rules. I also use some of the ET-Open (free) rules. I run the IPS Balanced Security Policy on my LAN along with some of the ET Trojan and Malware rules. On the WAN side, just so I have something to observe working, I run some of the ET drop rules for suspicious IPs (ET CINS, ET DROP, etc.). I don't really need those ET rules on the WAN, but I loaded them just to watch the activity and to help me test things when I do package updates.
Bill