Intrusion Detection Systems

This group includes tags whose first level is ids. These tags identify data generated by Intrusion Detection Systems (IDS).

Company and product / service, followed by its valid tags:

Attivo BOTsink

  • ids.attivo.botsink

See more information about these parsers.

Bricata IDS

  • ids.bricata.broall
  • ids.bricata.brocata
  • ids.bricata.broconn
  • ids.bricata.burocata
  • ids.bricata.suricata

Bro IDS (now Zeek Network Security Monitor)

  • ids.bro.captureloss
  • ids.bro.communication
  • ids.bro.conn
  • ids.bro.dhcp
  • ids.bro.dns
  • ids.bro.dpd
  • ids.bro.files
  • ids.bro.ftp
  • ids.bro.http
  • ids.bro.knownhosts
  • ids.bro.knownservices
  • ids.bro.notice
  • ids.bro.reporter
  • ids.bro.snmp
  • ids.bro.software
  • ids.bro.ssh
  • ids.bro.ssl
  • ids.bro.stats
  • ids.bro.weird
  • ids.bro.x509

Darktrace platform

  • ids.darktrace.threats

ExtraHop solution

  • ids.extrahop.audit
  • ids.extrahop.detections
  • ids.extrahop.cifs
  • ids.extrahop.crwd
  • ids.extrahop.dhcp
  • ids.extrahop.dns
  • ids.extrahop.ftp
  • ids.extrahop.http
  • ids.extrahop.kerberos
  • ids.extrahop.ldap
  • ids.extrahop.llmnr
  • ids.extrahop.mongodb
  • ids.extrahop.nfs
  • ids.extrahop.ntlm
  • ids.extrahop.rdp
  • ids.extrahop.rfb
  • ids.extrahop.rpc
  • ids.extrahop.ssh
  • ids.extrahop.ssl
  • ids.extrahop.telnet
  • ids.extrahop.flow

See more information about these parsers.

Huawei NIP intrusion detection system (IDS)

  • ids.huawei.nip.assoc
  • ids.huawei.nip.atk
  • ids.huawei.nip.iprpu

Juniper SRX Firewall

  • ids.juniper.srx

Reservoir R-Scope Advanced Threat Detection

  • ids.rscope.communication
  • ids.rscope.conn
  • ids.rscope.dce_rpc
  • ids.rscope.dhcp
  • ids.rscope.dns
  • ids.rscope.dpd
  • ids.rscope.files
  • ids.rscope.ftp
  • ids.rscope.http
  • ids.rscope.intel
  • ids.rscope.irc
  • ids.rscope.kerberos
  • ids.rscope.known_hosts
  • ids.rscope.known_services
  • ids.rscope.modbus
  • ids.rscope.mysql
  • ids.rscope.notice
  • ids.rscope.ntlm
  • ids.rscope.pe
  • ids.rscope.protocolstats_orig
  • ids.rscope.protocolstats_resp
  • ids.rscope.radius
  • ids.rscope.rdp
  • ids.rscope.removed_files
  • ids.rscope.reporter
  • ids.rscope.rfb
  • ids.rscope.rscopestats-byte
  • ids.rscope.rscopestats-core
  • ids.rscope.rscopestats-misc
  • ids.rscope.rscopestats-pckt
  • ids.rscope.rscopestats-port
  • ids.rscope.rscopestats-sys
  • ids.rscope.sip
  • ids.rscope.smb_files
  • ids.rscope.smb_mapping
  • ids.rscope.smtp
  • ids.rscope.snmp
  • ids.rscope.socks
  • ids.rscope.software
  • ids.rscope.ssh
  • ids.rscope.ssl
  • ids.rscope.stats
  • ids.rscope.stderr
  • ids.rscope.stdout
  • ids.rscope.syslog
  • ids.rscope.tunnel
  • ids.rscope.weird
  • ids.rscope.x509

Snort Intrusion Detection (Open source)

  • ids.snort.unified2

Suricata threat detection engine

  • ids.suricata.dns
  • ids.suricata.events
  • ids.suricata.fast
  • ids.suricata.files
  • ids.suricata.http
  • ids.suricata.stdout