Q. What format does Suricata output events into?
A. Suricata uses the standard Unified2 format. We recommend using Barnyard2 to process events.
Q. What rulesets does Suricata use?
A. Emerging Threats and Emerging Threats Pro have Suricata optimized rulesets, however, Suricata will load the standard Snort VRT, Emerging Threats or the Emerging Threats Pro rulesets.
Q. Will I have to rewrite all of my local rules?
A. No. You can continue to use the same local rules and commercial/community rules you’ve been using with Snort. However, we recommend a Suricata-optimized ruleset to take advantage of all the engine has to offer.
Q. How do I manage Events generated by Suricata?
A. You can use any number of open and commercial products to manage events. A couple we recommend on the open side are BASE and Squil.