Cyber Tool Stack
All tools
IDS/NDROpen source · GPL-2.0

Snort

By Cisco

An open-source intrusion detection and prevention engine that matches network traffic against an actively maintained ruleset. Cisco maintains Snort 3 following its 2013 acquisition of Sourcefire and uses the engine inside Cisco Secure Firewall.

Verified Source: 1

Product type
Software
Deployment
On-premCLI
Organization size
SMBMid-marketEnterprise
Pricing tier
Free

Capability checklist

IDS/NDR

How Snort measures up against the full Intrusion Detection & Network Detection and Response taxonomy.

Signature-based detection — supported
Matches traffic against known attack and exploit signatures.
Behavioral anomaly detection — not supported
Baselines normal traffic patterns to flag deviations without a known signature.
East-west traffic visibility — not supported
Sees lateral movement between internal hosts, not just traffic crossing the perimeter.
Packet capture & forensics — supported
Stores full or metadata-level packet history for post-incident investigation.
Threat intelligence integration — supported
Enriches detections with known-bad IPs, domains, and indicators from feeds.
Inline blocking (IPS mode) — supported
Can actively drop malicious traffic in real time rather than only alert on it.
Encrypted traffic analysis — not supported
Flags malicious patterns in encrypted flows without decrypting them.

Alternatives

Other Intrusion Detection & Network Detection and Response tools with overlapping capabilities, sized for similar teams.

Search Cyber Tool Stack

Jump to any tool, vendor, category, or glossary term.