Network Protection: Use Suricata for IPS
Andrew Engel commented
Yes this would be an awesome addition.
considering that snort is now owned by cisco snort is as good as dead. Snort is NOT multi-threaded. What is done is snort is run in multiple instances based on cpu thread count.
Alan, Snort supports multi-process, which is very different than multi-threaded.
With MP, memory usage increases linearly with each additional process, etc.
Suricata looks interesting, though you might not be aware that UTM's implementation of Snort is multi-threaded.