Q. What format does Suricata output events into?

A. Suricata uses the standard Unified2 format. We recommend using Barnyard2 to process events.
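As an added example (not code from the OISF page, nor from Barnyard2), the following minimal Python reader walks a Unified2 stream of the kind Suricata writes: each record is a big-endian type/length header followed by a body, decoded here according to Snort's unified2 definitions for the legacy IPv4 event record (type 7, 52 bytes) and the packet record (type 2, 28-byte prefix plus packet data). The sample bytes are constructed for the demonstration.

```python
import socket
import struct

# Unified2 record types (from Snort's unified2 definitions)
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7

# Every record starts with a network-byte-order header: type, length.
HEADER = struct.Struct("!II")
# Legacy IPv4 event body (52 bytes): sensor_id, event_id, event_second,
# event_microsecond, signature_id, generator_id, signature_revision,
# classification_id, priority_id, ip_source, ip_destination,
# sport_itype, dport_icode, protocol, impact_flag, impact, blocked
IDS_EVENT = struct.Struct("!" + "I" * 11 + "HHBBBB")
# Packet body prefix (28 bytes): sensor_id, event_id, event_second,
# packet_second, packet_microsecond, linktype, packet_length; data follows
PACKET = struct.Struct("!" + "I" * 7)


def parse_unified2(data):
    """Return one dict per record in a Unified2 byte stream."""
    records, offset = [], 0
    while offset + HEADER.size <= len(data):
        rtype, length = HEADER.unpack_from(data, offset)
        body = data[offset + HEADER.size:offset + HEADER.size + length]
        if len(body) != length:  # writer died mid-record: do not trust it
            raise ValueError("truncated record at offset %d" % offset)
        offset += HEADER.size + length
        if rtype == UNIFIED2_IDS_EVENT and length == IDS_EVENT.size:
            f = IDS_EVENT.unpack(body)
            records.append({
                "type": "event", "event_id": f[1], "sid": f[4], "gid": f[5],
                "rev": f[6], "priority": f[8],
                "src": socket.inet_ntoa(struct.pack("!I", f[9])),
                "dst": socket.inet_ntoa(struct.pack("!I", f[10])),
                "sport": f[11], "dport": f[12], "proto": f[13]})
        elif rtype == UNIFIED2_PACKET and length >= PACKET.size:
            f = PACKET.unpack_from(body)
            records.append({"type": "packet", "event_id": f[1], "linktype": f[5],
                            "data": body[PACKET.size:PACKET.size + f[6]]})
        else:  # unknown or malformed type: keep it visible, never drop silently
            records.append({"type": "unknown", "rtype": rtype, "len": length})
    return records


# Constructed sample stream: one event (sid 2000001) plus its packet record.
SAMPLE = (HEADER.pack(UNIFIED2_IDS_EVENT, IDS_EVENT.size)
          + IDS_EVENT.pack(1, 42, 1286700000, 0, 2000001, 1, 3, 0, 2,
                           0x0A000001, 0xC0A80002, 44321, 80, 6, 0, 0, 0)
          + HEADER.pack(UNIFIED2_PACKET, PACKET.size + 4)
          + PACKET.pack(1, 42, 1286700000, 1286700000, 5, 1, 4) + b"\x45\x00\x00\x14")

if __name__ == "__main__":
    for rec in parse_unified2(SAMPLE):
        print(rec)
```

Packet records are tied back to their event through the shared `event_id`, which is how a console such as Barnyard2 or Sguil pairs payload with alert.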


Q. What rulesets does Suricata use?

A. Suricata will load the standard Snort rulesets as-is, including those available from VRT and Emerging Threats, and has capabilities beyond what those rulesets exercise. New rulesets will become available once the engine is completely stable and there is a need to use Suricata's extended features.


Q. Will I have to rewrite all of my local rules?

A. Nope. You can continue to use the same local rules and commercial/community rules you've been using with Snort. There will be new features you can take advantage of with Suricata, but the old stuff will still work just as well!


Q. How do I manage events generated by Suricata?

A. You can use any number of open and commercial products to manage events. A couple we recommend on the open side are BASE and Sguil.
