[Oisf-users] Considering transitioning from Snort to Suricata questions

Andreas Herz andi at geekosphere.org
Sun Feb 7 20:01:07 UTC 2016


On 07/02/16 at 09:41, Jeff H wrote:
> The reason I chose Snort over Suricata was because I can buy a $30 home
> license for Snort VRT rules for my home lab setup and was told that
> Suricata wouldn't work with all of the VRT rules, but could never get much
> solid info on how many rules would be affected. Does anyone have a count or
> can provide me with more info so I can try to determine how much coverage
> from the VRT rules would be lost switching to Suricata?

Not familiar with the VRT rules, but I guess most of us run the ET Open
rules, which have optimized Suricata versions, as well as the ET Pro rules.
So it might be worth seeing if they would fit your case, since optimized
rules are really recommended.

> I am considering looking into switching some of my Snort installs to
> Suricata. Are there any guides/documentation/blog posts (official or not)
> that are aimed at Snort users interested in Suricata?

There is this page in regard to the config:

https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Snortconf_to_Suricatayaml

And the user guide docs in general should cover all topics; if something
special is missing, just ask.

-- 
Andreas Herz
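The snort.conf to suricata.yaml page linked above covers the configuration mapping; the part people trip over first when moving a Snort deployment is the variable syntax, since Snort's `var`/`ipvar`/`portvar` lines become `vars: address-groups:` and `vars: port-groups:` entries in suricata.yaml. The following script is an added example written for this thread, not code from the Suricata project or from either poster: it parses a constructed snort.conf excerpt and emits the equivalent suricata.yaml `vars` block. The heuristics it uses to classify legacy `var` lines (port-looking values or a `_PORTS` suffix become a port group, values starting with `/` are treated as file paths and skipped) are its own assumptions, not Snort or Suricata semantics.

```python
#!/usr/bin/env python3
"""Map snort.conf var/ipvar/portvar definitions to the suricata.yaml
vars: address-groups / port-groups layout.

Added example for the Snort-to-Suricata migration thread; not code from
the Suricata project.  The snort.conf excerpt below is constructed, and
the classification rules for legacy `var` lines are assumptions."""
import re
from typing import Dict, Tuple

# Constructed snort.conf excerpt (not taken from any real deployment).
SNORT_CONF = """\
# constructed example
ipvar HOME_NET [192.168.1.0/24,10.0.0.0/8]
ipvar EXTERNAL_NET !$HOME_NET
ipvar DNS_SERVERS $HOME_NET
portvar HTTP_PORTS [80,8080,8000:8100]
portvar SSH_PORTS 22
var SMTP_PORTS 25
var RULE_PATH /etc/snort/rules
"""

# A single port or port range, optionally negated: 80, 8000:8100, !22
_PORT_TOKEN = re.compile(r"^!?\d+(?::\d+)?$")


def _is_port_spec(value: str, known_ports: set) -> bool:
    """Assumed heuristic for legacy `var` lines: treat the value as a
    port group when every comma-separated token is a port, a port range,
    or a reference to a port group already defined above it."""
    tokens = [t for t in value.strip("[]").split(",") if t]
    if not tokens:
        return False
    for tok in tokens:
        ref = tok.lstrip("!")
        if ref.startswith("$"):
            if ref[1:] not in known_ports:
                return False
        elif not _PORT_TOKEN.match(tok):
            return False
    return True


def convert_snort_vars(text: str) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Return (address_groups, port_groups) in the order they were defined."""
    addr: Dict[str, str] = {}
    ports: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue
        kind, name, value = parts
        value = "".join(value.split())               # Snort allows spaces in lists
        if kind == "ipvar":
            addr[name] = value
        elif kind == "portvar":
            ports[name] = value
        elif kind == "var":
            if value.startswith(("/", "./", "../")):
                continue                             # assumed: a path such as RULE_PATH, not a group
            if name.endswith("PORTS") or _is_port_spec(value, set(ports)):
                ports[name] = value
            else:
                addr[name] = value
    return addr, ports


def to_suricata_yaml(addr: Dict[str, str], ports: Dict[str, str]) -> str:
    """Render the suricata.yaml `vars` section.  Values are quoted because
    they start with characters such as [ and ! that YAML would otherwise
    interpret."""
    out = ["vars:", "  address-groups:"]
    out += [f'    {k}: "{v}"' for k, v in addr.items()]
    out.append("  port-groups:")
    out += [f'    {k}: "{v}"' for k, v in ports.items()]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(to_suricata_yaml(*convert_snort_vars(SNORT_CONF)))
```

Paste the emitted block into suricata.yaml in place of the default `vars:` section, then run `suricata -T -c suricata.yaml` to have Suricata validate the configuration and report any variable a rule references but the conversion did not produce.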
