S3W: Snort 3.0 comes to Windows
In this research we want to show how our Endpoint Detection and Response (EDR) system can be augmented by connecting inbound and outbound network flow information with application behavior. To this end, we have ported a state-of-the-art HIPS, Snort 3, to the Windows platform.
While Snort 3 on Windows already matches what Snort 2.X achieved on Windows platforms, this research will show our efforts toward running Snort 3.0 in active (IPS) mode, a complete novelty for Snort on Windows, since Snort 2.X does not support active mode on Windows either.