
Intrusion Detection Systems

This group includes tags whose first level is ids. These tags identify data generated by Intrusion Detection Systems (IDS).

Company

Product/Service

Data tables


Attivo BOTsink


Bricata IDS

  • ids.bricata.broall

  • ids.bricata.brocata

  • ids.bricata.broconn

  • ids.bricata.burocata

  • ids.bricata.suricata


Bro IDS (now Zeek Network Security Monitor)

  • ids.bro.captureloss

  • ids.bro.communication

  • ids.bro.conn

  • ids.bro.dhcp

  • ids.bro.dns

  • ids.bro.dpd

  • ids.bro.files

  • ids.bro.ftp

  • ids.bro.http

  • ids.bro.knownhosts

  • ids.bro.knownservices

  • ids.bro.notice

  • ids.bro.reporter

  • ids.bro.snmp

  • ids.bro.software

  • ids.bro.ssh

  • ids.bro.ssl

  • ids.bro.stats

  • ids.bro.weird

  • ids.bro.x509


Darktrace platform

  • ids.darktrace.threats


ExtraHop solution

  • ids.extrahop.audit

  • ids.extrahop.detections

  • ids.extrahop.cifs

  • ids.extrahop.crwd

  • ids.extrahop.dhcp

  • ids.extrahop.dns

  • ids.extrahop.ftp

  • ids.extrahop.http

  • ids.extrahop.kerberos

  • ids.extrahop.ldap

  • ids.extrahop.llmnr

  • ids.extrahop.mongodb

  • ids.extrahop.nfs

  • ids.extrahop.ntlm

  • ids.extrahop.rdp

  • ids.extrahop.rfb

  • ids.extrahop.rpc

  • ids.extrahop.ssh

  • ids.extrahop.ssl

  • ids.extrahop.telnet

  • ids.extrahop.flow



Huawei NIP intrusion detection system (IDS)

  • ids.huawei.nip.assoc

  • ids.huawei.nip.atk

  • ids.huawei.nip.iprpu


Juniper SRX Firewall

  • ids.juniper.srx


Reservoir R-Scope Advanced Threat Detection

  • ids.rscope.communication

  • ids.rscope.conn

  • ids.rscope.dce_rpc

  • ids.rscope.dhcp

  • ids.rscope.dns

  • ids.rscope.dpd

  • ids.rscope.files

  • ids.rscope.ftp

  • ids.rscope.http

  • ids.rscope.intel

  • ids.rscope.irc

  • ids.rscope.kerberos

  • ids.rscope.known_hosts

  • ids.rscope.known_services

  • ids.rscope.modbus

  • ids.rscope.mysql

  • ids.rscope.notice

  • ids.rscope.ntlm

  • ids.rscope.pe

  • ids.rscope.protocolstats_orig

  • ids.rscope.protocolstats_resp

  • ids.rscope.radius

  • ids.rscope.rdp

  • ids.rscope.removed_files

  • ids.rscope.reporter

  • ids.rscope.rfb

  • ids.rscope.rscopestats-byte

  • ids.rscope.rscopestats-core

  • ids.rscope.rscopestats-misc

  • ids.rscope.rscopestats-pckt

  • ids.rscope.rscopestats-port

  • ids.rscope.rscopestats-sys

  • ids.rscope.sip

  • ids.rscope.smb_files

  • ids.rscope.smb_mapping

  • ids.rscope.smtp

  • ids.rscope.snmp

  • ids.rscope.socks

  • ids.rscope.software

  • ids.rscope.ssh

  • ids.rscope.ssl

  • ids.rscope.stats

  • ids.rscope.stderr

  • ids.rscope.stdout

  • ids.rscope.syslog

  • ids.rscope.tunnel

  • ids.rscope.weird

  • ids.rscope.x509


Snort Intrusion Detection (Open source)

  • ids.snort.unified2


Suricata threat detection engine

  • ids.suricata.dns

  • ids.suricata.events

  • ids.suricata.fast

  • ids.suricata.files

  • ids.suricata.http

  • ids.suricata.stdout