Sourcefire has an enduring commitment to the open source security community and is a leader in open source security technology. Sourcefire manages some of the world’s most respected open source security projects, including Snort®, the de facto standard for intrusion detection and prevention.


The Snort open source intrusion detection and prevention technology was created in 1998 by Martin Roesch, the founder of Sourcefire®. Snort uses a rule-driven language that combines the benefits of signature-, protocol- and anomaly-based inspection methods. With its dramatic speed, power and performance, Snort quickly gained momentum. With nearly 4 million downloads to date, Snort has become the single most widely deployed intrusion detection and prevention technology in the world.

Snort Engine

The Snort Engine consists of threat detection and prevention components that work together to reassemble traffic, prevent evasions, detect threats and output information about these threats without creating false positives or missing legitimate threats.

Snort Rules

Snort rules, written in the rules language used by the Sourcefire NGIPS, are open for anyone to inspect and can be verified to address the vulnerability for which coverage is claimed. Managed by the Cisco Talos Security Intelligence and Research Group, Snort rules are the industry standard format, used by security professionals worldwide. Snort’s open rules format gives users the ability to:

  • Verify that a rule is providing complete protection against a vulnerability
  • Create new rules or modify existing ones to detect issues with custom or unusual services
  • Leverage widely available user-contributed rules from a community of hundreds of thousands of Snort users

Intrusion Agent

Sourcefire Intrusion Agents enable the Sourcefire FireSIGHT® Management Center to aggregate event information from one or more open source Snort sensors with data from the Sourcefire NGIPS and FireSIGHT® technology to create a real-time, comprehensive view of the security events on your network. This tight integration enables:

  • Sophisticated data analysis
  • Comprehensive reporting
  • Impact assessment and prioritization of events
  • Integration with third-party tools
  • Real-time response to actual attacks