Reintroducing Snort 3.0

December 11, 2014 - 6 Comments


A little more than a year ago, when Sourcefire became a part of Cisco, we reaffirmed our commitment to open source innovation and pledged to continue support for Snort and other open source projects. Our announcement of the OpenAppID initiative earlier this year was one of several ways we have delivered on this promise.

Today we are announcing the alpha release of a new Snort 3.0 architecture. This alpha release builds on several ideas that were part of the original 3.0 prototype developed several years ago and goes well beyond those initial concepts.

Snort 3.0 expands on the extensible architecture users have come to know and includes several new capabilities that make it easier for people to learn and run Snort. We encourage you to check it out, give us your feedback, and help us build a strong foundation for the future. As Joel mentions in his post, this is a very early release that is intended for community feedback more than anything else.

When I first began building Snort, I architected it so that we could continue to extend it over time. By working with the Snort community, it quickly evolved from the initial primitive idea of an easy-to-use intrusion detection engine to the powerful traffic analysis and control capabilities we have today. With millions of downloads and hundreds of thousands of registered users, Snort is the most widely deployed IPS technology in the world and has become the standard for intrusion detection and prevention. Snort is also the foundation of Cisco’s Next-Generation IPS and is one of the core technologies that cemented Sourcefire’s position as a leader in the security industry.

Cisco understands the power of open source and how it can help customers solve tough challenges. In the coming months you’ll hear more from us about Snort 3.0 and our continued efforts to deliver meaningful capabilities that underscore this commitment.



  1. Can I link to database without barnyard2?

  2. Hello
    I’m interested to know if Snort 3.0 will be integrated into the FirePOWER next-generation IPS (NGIPS).

    • The current version of Snort on our products is the best IPS in the world. We are looking to widen that gap and push the envelope of detection with Snort 3.0. We do not have a timeframe of when this will be rolled out in commercial product.

  3. So how will this be integrated into the current IPS sold by Sourcefire/Cisco? Will the current hardware support this new version?

    • Not at this time. This release is currently in Alpha, a phase intended for garnering feedback from the Snort community. Although functional, it is not yet complete. Please continue to use the latest version on