
Table of Contents
- Suricata: Intrusion detection system
- Zeek: Network Security Monitor
- Beats: Lightweight Data Shipper
- Network Intrusion Detection System
Suricata: Intrusion detection system

- Deep packet inspection using rules and signatures
- Capable of operating in both IDS and IPS configurations
- Rules follow the format used by Snort
- Application Layer Aware
- Multithreaded for performance
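The bullet about Suricata rules following the Snort format is easier to see on a concrete rule: a header (action, protocol, source, source port, direction, destination, destination port) followed by a parenthesised option list separated by semicolons. The parser below is an added illustration of that layout, not code from the Suricata or Snort projects; the three sample rules, their sids and message strings are constructed for this example and do not come from any real ruleset.

```python
import re
from dataclasses import dataclass, field

# Constructed sample rules in the Snort/Suricata format. The sids (9000001..) and
# messages are placeholders chosen for this example, not real ruleset entries.
SAMPLE_RULES = """\
# comment lines and blank lines are ignored

alert tcp $HOME_NET any -> $EXTERNAL_NET 4444 (msg:"EXAMPLE outbound connection to port 4444"; flow:to_server,established; classtype:trojan-activity; sid:9000001; rev:1;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"EXAMPLE suspicious user agent"; http.user_agent; content:"evil-agent"; nocase; sid:9000002; rev:2;)
alert dns any any -> any 53 (msg:"EXAMPLE dns query for test domain"; dns.query; content:"example.invalid"; sid:9000003; rev:1;)
"""

# Rule header: action proto src sport direction dst dport, then "(options)".
HEADER_RE = re.compile(
    r"^(?P<action>alert|drop|reject|pass)\s+"
    r"(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<direction>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$"
)


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    direction: str
    dst: str
    dport: str
    # Ordered (keyword, value) pairs; keywords without a value (e.g. nocase) carry None.
    options: list = field(default_factory=list)

    def opt(self, keyword):
        """Return the value of the first option with this keyword, or None."""
        for k, v in self.options:
            if k == keyword:
                return v
        return None


def split_options(opts):
    """Split the option body on ';' while respecting quoted strings and backslash escapes."""
    items, buf, quoted, i = [], [], False, 0
    while i < len(opts):
        c = opts[i]
        if c == "\\" and i + 1 < len(opts):      # keep escapes such as \; or \" intact
            buf.append(opts[i:i + 2])
            i += 2
            continue
        if c == '"':
            quoted = not quoted
        if c == ";" and not quoted:
            items.append("".join(buf).strip())
            buf = []
        else:
            buf.append(c)
        i += 1
    tail = "".join(buf).strip()
    if tail:
        items.append(tail)

    parsed = []
    for item in items:
        if not item:
            continue
        if ":" in item:
            k, v = item.split(":", 1)
            parsed.append((k.strip(), v.strip().strip('"')))
        else:
            parsed.append((item, None))            # modifier/sticky-buffer keyword
    return parsed


def parse_rules(text):
    """Parse every active (non-comment) rule line into a Rule."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = HEADER_RE.match(line)
        if not m:
            raise ValueError(f"unparseable rule: {line}")
        rules.append(Rule(
            m["action"], m["proto"], m["src"], m["sport"],
            m["direction"], m["dst"], m["dport"],
            split_options(m["opts"]),
        ))
    return rules


def missing_sid(rules):
    """Lint helper: rules without a sid are rejected by the engine, so flag them."""
    return [r for r in rules if r.opt("sid") is None]


if __name__ == "__main__":
    for r in parse_rules(SAMPLE_RULES):
        print(r.action, r.proto, r.opt("sid"), r.opt("msg"))
```

Keywords that take no value, such as `nocase` or the `http.user_agent` sticky buffer, are kept as `(keyword, None)` so their position relative to the following `content` is preserved, which matters because a sticky buffer applies to the content checks that come after it.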
Zeek: Network Security Monitor

- Extensive logging of network traffic
- Almost any protocol can be parsed into useful metadata
- Scripting language for internal data transformation
- Custom Plugins
- Essential for Network Threat Hunting
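To show what "extensive logging" and "useful metadata" mean in practice, here is an added example (not part of the original slides, and not Zeek project code) that reads a Zeek `conn.log` in its tab-separated form, applies the types from the `#types` header, and runs a simple hunting pass over it. The log excerpt, its addresses, uids and byte counts are constructed for this example, and the `HOME_NET` range of `10.0.0.0/8` is an assumption standing in for a real internal address space.

```python
import ipaddress
from collections import defaultdict

# Constructed Zeek conn.log excerpt using Zeek's TSV header layout. The uids,
# addresses and counters are invented for this example.
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring",
    "1700000000.100000\tCexample1\t10.0.0.5\t51234\t203.0.113.10\t443\ttcp\tssl\t12.5\t1500\t9800\tSF",
    "1700000000.200000\tCexample2\t10.0.0.5\t51235\t203.0.113.20\t4444\ttcp\t-\t7200.0\t52428800\t2048\tS1",
    "1700000000.300000\tCexample3\t10.0.0.7\t53412\t10.0.0.1\t53\tudp\tdns\t0.01\t60\t120\tSF",
    "1700000000.400000\tCexample4\t10.0.0.9\t40000\t198.51.100.5\t22\ttcp\tssh\t-\t-\t-\tS0",
    "#close\t2023-11-14-22-13-20",
])

# How each Zeek column type is converted; anything not listed stays a string.
ZEEK_TYPE_CAST = {
    "time": float, "interval": float, "double": float,
    "count": int, "int": int, "port": int,
    "bool": lambda s: s == "T",
}

# Assumption for this example: the monitored internal range.
HOME_NET = ipaddress.ip_network("10.0.0.0/8")


def parse_zeek_log(text):
    """Parse a Zeek TSV log into a list of dicts keyed by the #fields names."""
    fields, types, unset = None, None, "-"
    records = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            key, _, rest = line[1:].partition("\t")
            if key == "fields":
                fields = rest.split("\t")
            elif key == "types":
                types = rest.split("\t")
            elif key == "unset_field":
                unset = rest
            continue                      # other header lines carry no row data
        if fields is None:
            raise ValueError("data row before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError(f"column count mismatch: {line!r}")
        rec = {}
        for i, (name, raw) in enumerate(zip(fields, values)):
            if raw == unset:
                rec[name] = None          # Zeek writes '-' when a field is unset
            else:
                cast = ZEEK_TYPE_CAST.get(types[i], str) if types else str
                rec[name] = cast(raw)
        records.append(rec)
    return records


def hunt_conn(records, min_duration=3600.0, min_orig_bytes=10_000_000):
    """Return uids of outbound connections that ran unusually long or sent unusually much."""
    hits = []
    for r in records:
        if ipaddress.ip_address(r["id.resp_h"]) in HOME_NET:
            continue                      # internal-to-internal, out of scope here
        duration = r["duration"] or 0.0   # unset (None) counts as zero
        orig_bytes = r["orig_bytes"] or 0
        if duration >= min_duration or orig_bytes >= min_orig_bytes:
            hits.append(r["uid"])
    return hits


def bytes_out_by_peer(records):
    """Aggregate bytes sent by each (originator, responder) pair."""
    totals = defaultdict(int)
    for r in records:
        totals[(r["id.orig_h"], r["id.resp_h"])] += r["orig_bytes"] or 0
    return dict(totals)


if __name__ == "__main__":
    recs = parse_zeek_log(SAMPLE_CONN_LOG)
    print("suspicious:", hunt_conn(recs))
    for pair, total in sorted(bytes_out_by_peer(recs).items()):
        print(pair, total)
```

The `#types` line is what turns the log from text into metadata you can reason about: durations and byte counts become numbers, unset fields become `None` rather than the literal `-`, and the hunting logic can then express a question like "which outbound sessions were long or bulky" in a few lines. The same parser works unchanged for the other Zeek logs (`dns.log`, `http.log`, `ssl.log`), since they share this header layout.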
Beats: Lightweight Data Shipper

- Small agents written in Go
- Can take multiple types of Inputs
- Lots of output options including directly to Elasticsearch
- Modules mean quick setup
- Ingest Pipelines have given Beats a dominating role
Network Intrusion Detection System
