Anyone have any feedback on Snort Vs Suricata? May have been posted or addressed before and I’ve missed it.
Generally I use Snort and haven’t looked at or considered Suricata, just wondering if there is something I am missing, other than personal preference.
Snort generally takes a while to get the filtering and false positives filtered out. We pretty much have a set list we copy to new installs; now and again something gets blocked.
Just curious whether anyone prefers Suricata? One thing I have found is that upgrading pfSense frequently seems to screw up Snort, which requires removing the package, deleting the directories manually and reinstalling. How is Suricata during firmware updates?