Sunset Suricata for Zeek
Behavioral detection may be more reliable than signature-based detection, simply because signatures fall out of date or are written poorly.
Might be a good idea to file Zeek directly into Graylog for AniNIX/Sharingan, rather than slurping Suricata's fast.log.
So far, Zeek has failed in maat.aninix.net -- it causes OOM issues. We'll stick with Suricata until we have time to revisit this.