In the Marriot hack post-mortem, they shared that one of the tools they used (which successfully identified the attack) was IBM Guardium.

> Accenture told Marriott's IT staff that one of their security products, a database monitoring system called IBM Guardium, had detected an anomaly on the Starwood guest reservation database

https://www.zdnet.com/article/marriott-ceo-shares-post-morte...

I'm guessing snort or one on the similar products.