I’m working on migrating our servers from Snort to Suricata and there are a couple of things that are not clear to me.
- Are the SIDs used in Snort equivalent to the Suricata ones? I assume so but I cannot find this info anywhere to confirm.
- Snort has its own single “premium ruleset” (e.g. snortrules-snapshot-2983.tar.gz) while Suricata comes with several sources enabled by default. Do they provide equivalent coverage? Any hint on how I could confirm that or investigate in that direction?
Thanks in advance