IDPS

What is IDPS?

Intrusion Detection and Prevention Systems (IDPS) are software applications that monitor network traffic and detect possible intrusions. An IDPS can also prevent malicious activity by blocking it, log it for further investigation and report anomalies to system administrators. A common method of threat detection in these systems is loading a set of rules: traffic matching one or more rules is marked as malicious, and predefined actions are taken based on the type of threat.
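As an added illustration of the rule-based detection described above (example code, not part of the original text or of any of the tools named on this page), the Python below implements a simplified Snort/Suricata-style rule matcher and runs it over constructed packet records. The rule grammar it accepts (header fields plus msg/content/sid options), the Packet class and the sample rules and traffic are all assumptions of this example.

```python
import re
from dataclasses import dataclass

# Header grammar of a Snort/Suricata-style rule (simplified, an assumption of this example):
#   action proto src sport -> dst dport (opt:val; opt:val; ...)
RULE_RE = re.compile(r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$')

@dataclass
class Packet:            # constructed stand-in for a decoded packet
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes

def parse_rule(text):
    """Split one rule into header fields and an options dict (msg, content, sid, ...)."""
    m = RULE_RE.match(text)
    if not m:
        raise ValueError("unsupported rule syntax: " + text)
    action, proto, src, sport, dst, dport, opts = m.groups()
    options = {}
    for opt in (o.strip() for o in opts.split(";")):
        if opt:
            key, _, val = opt.partition(":")
            options[key.strip()] = val.strip().strip('"')
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "options": options}

def _matches(rule, pkt):
    """Header fields must match ('any' is a wildcard); 'content' must appear in the payload."""
    header = [(rule["proto"], pkt.proto), (rule["src"], pkt.src), (rule["sport"], pkt.sport),
              (rule["dst"], pkt.dst), (rule["dport"], pkt.dport)]
    if any(want != "any" and want != str(have) for want, have in header):
        return False
    content = rule["options"].get("content")
    return content is None or content.encode() in pkt.payload

def evaluate(rules, packets):
    """Return (action, msg, sid) for every rule that fires on each packet: the 'mark and act' step."""
    return [(r["action"], r["options"].get("msg", ""), r["options"].get("sid", ""))
            for p in packets for r in rules if _matches(r, p)]

# Constructed rules and traffic for the demonstration (not real signatures)
RULES = [parse_rule(r) for r in (
    'alert tcp any any -> 10.0.0.5 23 (msg:"Cleartext telnet login as root"; content:"root"; sid:1000001;)',
    'drop tcp any any -> 10.0.0.5 3389 (msg:"RDP to server not permitted"; sid:1000002;)',
)]
PACKETS = [
    Packet("tcp", "198.51.100.7", 51000, "10.0.0.5", 23, b"login: root\r\n"),
    Packet("tcp", "198.51.100.7", 51001, "10.0.0.5", 3389, b""),
    Packet("tcp", "198.51.100.7", 51002, "10.0.0.5", 443, b"GET / HTTP/1.1\r\n"),
]

def run_demo():
    return evaluate(RULES, PACKETS)

if __name__ == "__main__":
    for hit in run_demo():
        print(hit)
```

The first two packets trigger the alert and drop rules respectively; the HTTPS packet matches nothing, which is the behaviour a rule set relies on to keep benign traffic untouched.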

More Information

Our team used many known Intrusion Detection Systems.

Snort is the best-known IDPS; it is mature and well documented. It offers a great number of ready-to-use rule sets that are freely available. Suricata is a more recent IDPS project that aims to overcome some of Snort's throughput limitations. Suricata is compatible with most of Snort's rule sets and also has adequate, if not good, documentation. Finally, OSSEC is a host-based IDPS. OSSEC runs on the client side and communicates with a server: it reports incidents to that server and also receives commands from it. OSSEC is widely used in the industry for its reporting and remote administration capabilities.