RE: https://infosec.exchange/@gary_alderson/116172186498398727

Still, with Zeek you can create rules and policies that allow you to filter a lot of things. Most major IDS/IPS solutions rely on Zeek or Snort. In the end, it really depends on what you need it for.

@hackerworkspace Run Arkime with Malcolm plus an SSL/TLS proxy for more visibility - it has potential to be a nice add-on for people to pep up their IPS/IDS. Don't listen to the pundits and paper tigers - you want the data. Analytics, metrics, ERP, CRM, OSINT and infosec info, sometimes you just want or need metadata - you want options #totolink