The main thing BASE tells me is that I have a lot of work to do tuning snort before I can add another plug to tell OpenBSD’s pf firewall to block naughty communications. The default configuration reports matters which aren’t a problem for me. It also reports dubious downloads that turn out, for example, to be patches for operating systems. It is right to do so; I need to tune it to say that, for example, running steam games is permitted under my network policy.
Ultimately, BASE seems fine, but it depends on barnyard2, which is unusable.