Is this doable? Is Snort actually useful?
User requirements?
Shut Down / Avoid future Fortinet advertisements LOL.
Both of you are charged with wasteful carbon usage for nonsensical posts!
If you don’t have experience in subject matter, input not required.
Isn’t Pi-hole better suited for that?
From what I can see, Snort is more for network intrusion detection.
OTOH if you need Snort for detecting network intrusion, your firewall may not be up to par
True
@anav, you did not specify the bigger context; of course “Snort” can run on/in a container, but did you mean: “run SNORT on a container ON a Mikrotik??”
In that case I don’t think it will fly… it’s very resource-hungry, and only if you run something like a CHR on an x64 server with lots of resources might you consider this…
Also remember that SNORT is a single-threaded application… you need multiple instances and a complex setup to really scale well.
Indeed: use Suricata instead, that supports multithreading.
BUT: I am running Suricata on an Intel desktop CPU 6 cores @3,8 GHz for a cable uplink link with 160MBps. The box has 16G RAM. (That replaced an older 4 core Intel box, which was too slow.)
I admit that it runs a lot of other stuff as well, but this is the kind of HW Suricata/Snort likes to run on. It is also picky with the interface cards.
Also one more aspect: without breaking up all HTTPS sessions, IPSes are almost useless.
So with the energy prices today I will just stop using it and replace my shiny home FW box with all the bells and whistles by an RB5009, without IPS.
I will probably save the money I spend on the RB5009 on the electricity bill very soon.