
Intrusion Detection Systems

This group includes the tags whose first level is ids. These tags identify data generated by Intrusion Detection Systems (IDS).

Company

Product/Service

Data tables

Attivo BOTsink

  • ids.attivo.botsink

Bricata IDS

  • ids.bricata.broall

  • ids.bricata.brocata

  • ids.bricata.broconn

  • ids.bricata.burocata

  • ids.bricata.suricata

Bro IDS (now Zeek Network Security Monitor)

  • ids.bro.captureloss

  • ids.bro.communication

  • ids.bro.conn

  • ids.bro.dhcp

  • ids.bro.dns

  • ids.bro.dpd

  • ids.bro.files

  • ids.bro.ftp

  • ids.bro.http

  • ids.bro.knownhosts

  • ids.bro.knownservices

  • ids.bro.notice

  • ids.bro.reporter

  • ids.bro.snmp

  • ids.bro.software

  • ids.bro.ssh

  • ids.bro.ssl

  • ids.bro.stats

  • ids.bro.weird

  • ids.bro.x509

Corelight

  • ids.corelight

  • ids.corelight.broker

  • ids.corelight.capture_loss

  • ids.corelight.cluster

  • ids.corelight.config

  • ids.corelight.conn

  • ids.corelight.connlong

  • ids.corelight.connmod

  • ids.corelight.connred

  • ids.corelight.corelight_metrics_suricata

  • ids.corelight.corelight_metrics_zeek_doctor

  • ids.corelight.corelight_service_status

  • ids.corelight.datared

  • ids.corelight.dcerpc

  • ids.corelight.dhcp

  • ids.corelight.dnp3

  • ids.corelight.dns

  • ids.corelight.dnsred

  • ids.corelight.dpd

  • ids.corelight.encrypted_dns

  • ids.corelight.etc_viz

  • ids.corelight.files

  • ids.corelight.filesred

  • ids.corelight.ftp

  • ids.corelight.generic_dns_tunnels

  • ids.corelight.generic_icmp_tunnels

  • ids.corelight.http

  • ids.corelight.http2

  • ids.corelight.httpred

  • ids.corelight.intel

  • ids.corelight.ipsec

  • ids.corelight.irc

  • ids.corelight.kerberos

  • ids.corelight.known_certs

  • ids.corelight.known_devices

  • ids.corelight.known_domains

  • ids.corelight.known_hosts

  • ids.corelight.known_names

  • ids.corelight.known_remotes

  • ids.corelight.known_services

  • ids.corelight.known_users

  • ids.corelight.ldap

  • ids.corelight.ldap_search

  • ids.corelight.log4shell

  • ids.corelight.metrics_bro

  • ids.corelight.metrics_cpu

  • ids.corelight.metrics_disk

  • ids.corelight.metrics_docker

  • ids.corelight.metrics_iface

  • ids.corelight.metrics_memory

  • ids.corelight.metrics_s3

  • ids.corelight.metrics_sftp

  • ids.corelight.metrics_system

  • ids.corelight.metrics_utilization

  • ids.corelight.modbus

  • ids.corelight.mqttconnect

  • ids.corelight.mqtt_subscribe

  • ids.corelight.mysql

  • ids.corelight.notice

  • ids.corelight.ntlm

  • ids.corelight.ntp

  • ids.corelight.overall_capture_loss

  • ids.corelight.pcr

  • ids.corelight.pe

  • ids.corelight.radius

  • ids.corelight.rdp

  • ids.corelight.reporter

  • ids.corelight.rfb

  • ids.corelight.sip

  • ids.corelight.smb_files

  • ids.corelight.smb_mapping

  • ids.corelight.smtp

  • ids.corelight.smtplinks

  • ids.corelight.snmp

  • ids.corelight.socks

  • ids.corelight.software

  • ids.corelight.ssh

  • ids.corelight.ssl

  • ids.corelight.sslred

  • ids.corelight.stats

  • ids.corelight.stepping

  • ids.corelight.stun

  • ids.corelight.stun_nat

  • ids.corelight.suricata_corelight

  • ids.corelight.suricata_enhanced

  • ids.corelight.suricata_stats

  • ids.corelight.syslog

  • ids.corelight.traceroute

  • ids.corelight.tunnel

  • ids.corelight.weird

  • ids.corelight.weird_red

  • ids.corelight.weird_stats

  • ids.corelight.weirdmod

  • ids.corelight.x509

  • ids.corelight.x509red

  • ids.corelight.zeek_doctor

Darktrace platform

  • ids.darktrace.threats

ExtraHop solution

  • ids.extrahop.audit

  • ids.extrahop.detections

  • ids.extrahop.cifs

  • ids.extrahop.crwd

  • ids.extrahop.dhcp

  • ids.extrahop.dns

  • ids.extrahop.ftp

  • ids.extrahop.http

  • ids.extrahop.kerberos

  • ids.extrahop.ldap

  • ids.extrahop.llmnr

  • ids.extrahop.mongodb

  • ids.extrahop.nfs

  • ids.extrahop.ntlm

  • ids.extrahop.rdp

  • ids.extrahop.rfb

  • ids.extrahop.rpc

  • ids.extrahop.ssh

  • ids.extrahop.ssl

  • ids.extrahop.telnet

  • ids.extrahop.flow

Huawei NIP intrusion detection system (IDS)

  • ids.huawei.nip.assoc

  • ids.huawei.nip.atk

  • ids.huawei.nip.iprpu

Juniper SRX Firewall

  • ids.juniper.srx

Reservoir R-Scope Advanced Threat Detection

  • ids.rscope.communication

  • ids.rscope.conn

  • ids.rscope.dce_rpc

  • ids.rscope.dhcp

  • ids.rscope.dns

  • ids.rscope.dpd

  • ids.rscope.files

  • ids.rscope.ftp

  • ids.rscope.http

  • ids.rscope.intel

  • ids.rscope.irc

  • ids.rscope.kerberos

  • ids.rscope.known_hosts

  • ids.rscope.known_services

  • ids.rscope.modbus

  • ids.rscope.mysql

  • ids.rscope.notice

  • ids.rscope.ntlm

  • ids.rscope.pe

  • ids.rscope.protocolstats_orig

  • ids.rscope.protocolstats_resp

  • ids.rscope.radius

  • ids.rscope.rdp

  • ids.rscope.removed_files

  • ids.rscope.reporter

  • ids.rscope.rfb

  • ids.rscope.rscopestats-byte

  • ids.rscope.rscopestats-core

  • ids.rscope.rscopestats-misc

  • ids.rscope.rscopestats-pckt

  • ids.rscope.rscopestats-port

  • ids.rscope.rscopestats-sys

  • ids.rscope.sip

  • ids.rscope.smb_files

  • ids.rscope.smb_mapping

  • ids.rscope.smtp

  • ids.rscope.snmp

  • ids.rscope.socks

  • ids.rscope.software

  • ids.rscope.ssh

  • ids.rscope.ssl

  • ids.rscope.stats

  • ids.rscope.stderr

  • ids.rscope.stdout

  • ids.rscope.syslog

  • ids.rscope.tunnel

  • ids.rscope.weird

  • ids.rscope.x509

Snort Intrusion Detection (Open source)

  • ids.snort.unified2

Suricata threat detection engine

  • ids.suricata.dns

  • ids.suricata.events

  • ids.suricata.fast

  • ids.suricata.files

  • ids.suricata.http

  • ids.suricata.stdout