[Oisf-users] Considering transitioning from Snort to Suricata questions
Andreas Herz
andi at geekosphere.org
Sun Feb 7 20:01:07 UTC 2016
On 07/02/16 at 09:41, Jeff H wrote:
> The reason I chose Snort over Suricata was because I can buy a $30 home
> license for Snort VRT rules for my home lab setup and was told that
> Suricata wouldn't work with all of the VRT rules, but could never get much
> solid info on how many rules would be effected. Does anyone have a count or
> can provide me with more info so I can try to determine how much coverage
> from the VRT rules would be lost switching to Suricata?
Not familiar with the VRT rules but i guess most of us run the ET Open
rules which have optimized suricata versions, as well as the ET Pro.
So it might be worth to see if they would fit your case, since optimized
rules are really recommended.
> I am considering looking into switching some of my Snort installs to
> Suricata. Are there any guides/documentation/blog posts (official or not)
> that are aimed at Snort users interested in Suricata?
There is this page in regard to the config:
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Snortconf_to_Suricatayaml
And the user guide docs in general should cover all topics, if something
special missing, just ask.
--
Andreas Herz
More information about the Oisf-users
mailing list