
Test Case: Suricata VS Snort IDS

Description:

During this test case, I leveraged Armitage to execute a 'hail mary' attack against an Ubuntu server, while being actively monitored by Suricata or Snort IDS engines. The variable in this test is the different IDS engines, utilizing the same rulesets (VRT/Talos and ET). This was performed within Security Onion.

The results of this test conclude that several, but not all, Talos rules were processed by Suricata, and a much lower volume of events was triggered. Snort was able to process all rules from Talos as well as ET. This shows that Snort is likely to be the best option when choosing between the Suricata and Snort engines; however, more extensive testing and analysis are needed to accurately represent the disparity between the two engines.

References:
https://snort.org/
https://suricata-ids.org/
https://securityonion.net/
https://rules.emergingthreats.net/

Video "Test Case: Suricata VS Snort IDS" from the channel Jesse K
Video information
January 2, 2017, 1:32:54
00:10:01