by DominoTree
1345 days ago
They operate in completely different ways, but depending on what you're looking for, you might want to look at Suricata, especially for protocol decoding (a good chunk, especially the decoders, is built on the AMAZING `nom` parser-combinator crate in Rust, and it's super extensible if you want to build your own decoders). A zero-ruleset deployment of Suri (if you're not looking at actual pattern-matching or IDS functionality) is surprisingly lightweight and performant, and it's also easy to roll rules for your custom decoders if you want to actually alert on certain things instead of just doing straight decoding and dumping to JSON.
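One way to stand up the zero-ruleset, decode-and-dump-to-JSON Suricata deployment the comment above describes, as an added `suricata.yaml` fragment (this is an illustration, not the commenter's configuration; the interface name, `HOME_NET` range, log directory and the set of enabled decoders are assumptions). With `rule-files` empty, Suricata loads no signatures and the EVE log only carries protocol records from the app-layer decoders:

```yaml
%YAML 1.1
---
# Assumed address ranges; adjust to the monitored network.
vars:
  address-groups:
    HOME_NET: "[10.0.0.0/8,172.16.0.0/12,192.168.0.0/16]"
    EXTERNAL_NET: "!$HOME_NET"

# Assumed log location.
default-log-dir: /var/log/suricata/

# Zero-ruleset: no rule files, so the detection engine has nothing to match
# and no 'alert' records are ever produced. Add a rule file here (for example
# one you wrote against your own decoder's keywords) when you want alerting.
default-rule-path: /var/lib/suricata/rules
rule-files: []

# EVE JSON output: one JSON object per line per decoded transaction.
outputs:
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve.json
      types:
        - dns
        - http:
            extended: yes
        - tls:
            extended: yes
        - flow

# Only the decoders you actually need; each one enabled costs CPU and memory.
app-layer:
  protocols:
    http:
      enabled: yes
    tls:
      enabled: yes
    dns:
      tcp:
        enabled: yes
      udp:
        enabled: yes

# Capture interface (assumed name). Run with:
#   suricata -c suricata.yaml -i eth0
af-packet:
  - interface: eth0
    cluster-id: 99
    cluster-type: cluster_flow
    defrag: yes
```

Each enabled `types` entry maps to an app-layer decoder, so the `eve.json` stream is exactly the "straight decoding and dumping to JSON" the comment mentions; turning this into an IDS later is a matter of populating `rule-files` and adding `alert` to the `types` list, with no change to the decoder side.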