Suricata



  • Gentlemen:

    I have Suricata installed running with pfSense 2.2. I have a subscription to Emerging Threats ETPro rules. Does one also have to install Snort rules? Any specific configuration issues for Emerging Threats ETPro rules?



  • @ghkrauss:

    Gentlemen:

    I have Suricata installed running with pfSense 2.2. I have a subscription to Emerging Threats ETPro rules. Does one also have to install Snort rules? Any specific configuration issues for Emerging Threats ETPro rules?

    No, there is no requirement to use the Snort VRT rules.  In fact, you will find that a significant number of them (around 700 or more at last count) will not compile and run on Suricata due to them containing some rule options and keywords that are not currently supported in Suricata.  If you have an ET-Pro subscription, you should be fine.

    There are some configuration threads posted here in the Packages forum.  Do a quick search for "Suricata blueprint" and that should turn up one of them.

    Bill

