Hi,
Can Zeek be used as an IPS, or is it strictly an IDS without any packet-blocking capabilities? Is there a way to enable Zeek-based IPS through external integrations or additional tools?
Please guide me. Thanks in advance.
Best regards,
Kaushal
Honestly neither. Zeek is more metadata and more about streams.
Zeek is primarily a network-based intrusion detection system. Zeek captures data as it travels across the network and organizes it so you can analyze traffic. The data gathered by Zeek can be combined with other applications and systems to implement packet-blocking, etc..