OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: GreenMatter on June 22, 2020, 05:28:24 pm

Title: Suricata vs Sensei
Post by: GreenMatter on June 22, 2020, 05:28:24 pm

Security-wise, are these 2 comparable? Of course, when it comes to reporting Sensei is way better and may have LAN-based policy.
Sensei paid subscription is cheaper (home/soho) than ET Pro subscription but has anybody tested their effectiveness?
Thanks for any suggestions!

Title: Re: Suricata vs Sensei
Post by: Mitheor on June 22, 2020, 06:19:10 pm
They are quite different in their approach. I'm currently using Sensei (home license) and loving it so far.

Wait for 20.7 when, hopefully, both would be able to work in the same interface.

Title: Re: Suricata vs Sensei
Post by: GreenMatter on June 22, 2020, 06:34:06 pm
> Wait for 20.7 when, hopefully, both would be able to work in the same interface.

By both you mean running Suricata and Sensei in parallel? Wouldn't it be a big performance penalty?

Title: Re: Suricata vs Sensei
Post by: Mitheor on June 22, 2020, 06:35:35 pm
> > Wait for 20.7 when, hopefully, both would be able to work in the same interface.
>
> By both you mean running Suricata and Sensei in parallel? Wouldn't it be a big performance penalty?

Well, it depends on the resources the server has. It doesn't have to impact the traffic.

Title: Re: Suricata vs Sensei
Post by: GreenMatter on June 22, 2020, 07:15:28 pm
Remaining question is which one is more secure? Is paid Sensei subscription close to 0 day / ET Pro?

Title: Re: Suricata vs Sensei
Post by: Mitheor on June 22, 2020, 08:59:46 pm
> Remaining question is which one is more secure? Is paid Sensei subscription close to 0 day / ET Pro?

As of now, Suricata.

Sensei is more focused on policing your outgoing traffic than "protecting your network" (even though that will change/improve in the near future).

Title: Re: Suricata vs Sensei
Post by: GreenMatter on June 22, 2020, 10:23:51 pm
Thanks, so more like DPI with some basic malware protection as part of IPS... But it's way easier to configure. Number of rules in Suricata kills me :-)

Title: Re: Suricata vs Sensei
Post by: guest24551 on July 09, 2020, 02:24:24 pm
I am also a little bit unsure what product might be better.
I also use both, but I also have been hacked while having both on, even with all rules enabled and dropped. So it depends on what type of attacks you try to defend against.
If you have both enabled, Sensei is asking you to configure Suricata to listen on WAN and keep Sensei on the LAN side. So you won't be able to double protection on one side. This is a recommendation by Sunny Valley and maybe some others too.