Network visibility is essential to security monitoring: you cannot secure what you cannot see or are not aware of. Network-based Intrusion Detection Systems (NIDS) help to identify and assess what is happening between network entities. Even a simple signature-based IDS gives you useful information about what is happening behind your firewalls, for example a vulnerable service that needs an update, or a compromised node that is generating malicious network traffic. A NIDS is also a valuable source of events for your SIEM and SOC.
For a long time, Snort was the only option for those who wished to try an open-source IDS. I worked with Snort years ago, and also used it in conjunction with Linux iptables to build a NIPS. I have also used the Suricata NIDS. It is a great open-source IDS, especially when it is used with the ELK stack. SELKS provides such a platform, in which you have the Suricata engine and ELK to store logs, manage Suricata rules and enjoy built-in dashboards as well as create custom ones.
Now I want to try other open-source NIDS tools. A quick Google search reveals these:
So it seems there are interesting options to try.