[Zeek] Can Zeek be installed as in-line IPS?

Dario Mohaddes m.dariuz at gmail.com
Mon Mar 18 02:49:32 PDT 2019


I'm starting a comparison paper about inline Network IPS. I was looking for
an open-source anomaly-based detection engine with IPS capabilities. The
easiest choice seemed to be Zeek, but from the website user manual it doesn't look
like it actually supports packet dropping; instead it can only work as an IDS.
Digging a bit online, I found a lot of confusion and contradictions, with
people asserting either that it is possible or not, but none giving a practical
example. I have scraped a multitude of academic and research papers, but
they haven't helped... I was wondering if anyone can tell me if it is feasible
before wasting hours trying to do something that is not. Any help or
insight is much appreciated. Thank you.