Wednesday, February 17, 2021

Snort 3 and Security Onion 2

Recently, the Snort team released Snort 3! We want to congratulate them on bringing their product to market after much anticipation from the community. We're long-time Snort fans here. Like many of you, we understand Snort's value in the open source network IDS community and, yes, many of our team have lots of cute cushy pigs on our desks!

One of our guiding principles for Security Onion is to encourage, foster, and champion free and open security tools with the goal of providing defenders necessary tools to win. Snort has been one of those tools since Security Onion’s inception in 2008 and is still in our most recent Security Onion 16.04 release. When we released Security Onion 2 in October 2020, it did not include Snort since much has changed in the last decade. We added Suricata to produce NIDS alerts as well as network metadata (previously only provided by Zeek/Bro), all in one multi-threaded application. Security Onion moved away from the unsigned kernel module PF_RING to AF_PACKET, which made integration with Snort 2 a significant challenge. Snort 3 continued in development for a fair bit of time, and represents a fundamental shift in how Snort and, by extension, its rules, work. With the explosive growth of Security Onion 2, our internal road map is stacked with priority items and so we’re not able to integrate Snort 3 right now. However, once we free up some cycles, we will see what it would take to integrate Snort 3.

We strive to bring the best product to market in order to shift the advantage from the adversaries to you in our user community. To that end, improvement of the user experience with data remains our current priority. As always, we value your input. Reach out to us on our Community Support Forum if you have questions or additional feedback.

No comments:

Search This Blog

Featured Post

Did You Know Security Onion Scales to the Enterprise?

Did you know Security Onion scales to the enterprise? Security Onion is designed to scale from simple standalone deployments all the way up ...

Popular Posts

Blog Archive