I'm starting a comparison paper about inline Network IPS. I was looking for an open-source anomaly-based detection engine with IPS capabilities. The easiest choice seemed to be Zeek (formerly Bro), but from the website user manual it doesn't look like it actually supports packet dropping; instead it can only work as an IDS. Digging a bit online I found a lot of confusion and contradictions, with people asserting either that it is possible or that it is not, but none giving a practical example. I have scraped a multitude of academic and research papers, but the outcome has always been the same so far... I was wondering if anyone can tell me (from experience) if it is feasible before I waste hours trying to do something that is not. Any help or insight is much appreciated. Thank you.
Your best bet is to try the IRC channel or their support mailing list. Both can be found here https://www.zeek.org/contact/index.html – Daisetsu Mar 17 '19 at 21:11