Re: Snort3

On 8/1/22 17:22, BSD Devel wrote:

> I think the question is does anyone even use snort anymore?

I'd be interested to know the answer...
Is anyone here using it?



> i thought it was dead

Hmm...
Seems latest release is 4 days old (latest was from 14 days ago).
The port in our tree has already been updated.
Of course Snort 2 is probably dying in favour of Snort 3 (formerly 
Snort++), which is a very different product.

OTOH we don't have PulledPort 3 in the port tree (not sure if that is 
required or 0.7 will do).



> pretty sure everyone uses prelude ids now!

I'm inheriting some setups made by a person who is not working here 
anymore, so I'm probably still too ignorant on this matter (and I'm 
trying to catch up)...
That said, Snort and Prelude seems two different things to me (NIDS/IPS 
vs SIEM); in fact I found some tutorials to integrate the two.

If you think I'm wrong, I'm listening :)



  bye & Thanks
	av.