Suricata



  • How frequently is the open source (free) rule set updated? Additionally, the paid Suricata subscription is so expensive ($500.00); are there discounts or low-cost alternatives?

    Thank you for any assistance.

    G. H. Krauss


  • Moderator

    I would recommend the ET Paid version. It is updated more frequently… Not all of the Rules end up in the Open Ruleset either. Also, this is not just for Suricata; it's also the same rulesets for Snort.

    Here is a link to the daily update for ET.
    http://emergingthreats.net/daily-ruleset-update-summary-20150107/



  • Currently Emerging Threats offers no lower cost versions that I am aware of (excepting the free Open Source version you mentioned).

    You can use the Snort VRT rules with Suricata, but there are around 700 of those rules (if I remember the count correctly) that will not load because they contain keywords Suricata does not recognize.  They won't break Suricata, but any protection afforded by the non-loading rules will of course be sacrificed.

    Snort VRT does offer a home-use annual subscription for their latest rules.  It is $29.99 USD per year.  That's certainly cheaper than $500 USD per year.

    Many folks use a combination of the ET-Open free rules and a paid Snort VRT subscription.  Of course if you are a commercial enterprise, $500 per year is generally not considered an excessive expense for cyber security protection.

    Bill

