Snort vs Suricata

Anyone have any feedback on Snort vs Suricata? It may have been posted or addressed before and I’ve missed it.

Generally I use Snort and haven’t looked at or considered Suricata; just wondering, other than personal preference, if there is something I am missing.

Snort generally takes a while to get the filtering and false positives filtered out; we pretty much have a set list we copy to new installs, and now and again something gets blocked.

Just curious whether anyone prefers Suricata? One thing I have found is that upgrading pfSense frequently seems to screw up Snort, which requires removing the package, deleting the directories manually and reinstalling. How is Suricata during firmware updates?

I haven’t had many issues with Suricata in the year or so I’ve been running it. I thought I did, but it turned out to be a bad mobo that was manifesting that way.

The rule sets are the same. So there really isn’t a difference with fine tuning.

If I remember correctly, the reason I went with Suricata over Snort was that Suricata is multithreaded and Snort is not.

2 Likes