What is NDR (Network Detection & Response)

Since we cannot prevent every network attack, we should at least detect the ones that get through so that we can respond to them accurately.

But as you know, false negatives are the problem for detection (you do not want to miss something bad), while false positives are the problem for prevention (you do not want to block legitimate and business-critical application traffic).

Since we already have a reasonable number of network attack prevention systems (IPSs), the major remaining risk is the false-negative problem. To address it, here are some open source solutions for the 'network detection & response' need. These are not just plain IDSs: they also track sessions and log raw traffic, so that an alert or anomaly can be investigated in the context of the full connection rather than a single packet.

PS: You can also enrich these platforms with MISP feeds and track the resulting cases in the theHive platform.
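To make the two points above concrete (session tracking around an IDS alert, and enrichment from a MISP-style indicator feed), here is a small added example. It is not code from the original page or from any of the tools it lists; the Zeek-style conn.log records, the Suricata-style EVE alert and the indicator list are all constructed inline, and the field names used for the pivot are assumptions made to look like those tools' JSON output:

```python
"""Added example: pivot an IDS alert to its network session(s) and enrich
them with a threat-intel indicator list. All input below is constructed for
illustration; it is not a real capture, alert or MISP export."""
import json
from collections import defaultdict

# Constructed Zeek-style conn.log records (JSON form). Assumed field names.
CONN_LOG = """\
{"ts":1700000000.1,"uid":"C1","id.orig_h":"10.0.0.5","id.orig_p":51000,"id.resp_h":"203.0.113.10","id.resp_p":443,"proto":"tcp","duration":12.5,"orig_bytes":2100,"resp_bytes":810000}
{"ts":1700000001.2,"uid":"C2","id.orig_h":"10.0.0.7","id.orig_p":51001,"id.resp_h":"198.51.100.20","id.resp_p":80,"proto":"tcp","duration":0.4,"orig_bytes":300,"resp_bytes":1200}
{"ts":1700000002.3,"uid":"C3","id.orig_h":"10.0.0.5","id.orig_p":51002,"id.resp_h":"203.0.113.10","id.resp_p":443,"proto":"tcp","duration":600.0,"orig_bytes":95000,"resp_bytes":3000}
"""

# Constructed Suricata-style EVE alert on the same 5-tuple as session C1.
ALERTS = """\
{"event_type":"alert","src_ip":"10.0.0.5","src_port":51000,"dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP","alert":{"signature":"EXAMPLE Beacon to suspicious host"}}
"""

# Constructed indicator feed in a MISP-like attribute shape (type + value).
INDICATORS = [
    {"type": "ip-dst", "value": "203.0.113.10"},
    {"type": "domain", "value": "bad.example"},
]


def parse_jsonl(text):
    """Parse newline-delimited JSON, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def conn_key(rec):
    """Canonical 5-tuple for a Zeek-style conn record."""
    return (rec["id.orig_h"], rec["id.orig_p"], rec["id.resp_h"],
            rec["id.resp_p"], rec["proto"].lower())


def alert_key(alert):
    """The same 5-tuple derived from a Suricata-style alert (field names differ,
    and the protocol is upper-case there, so normalise it)."""
    return (alert["src_ip"], alert["src_port"], alert["dest_ip"],
            alert["dest_port"], alert["proto"].lower())


def index_sessions(conns):
    """Session tracking: group conn records by 5-tuple."""
    sessions = defaultdict(list)
    for rec in conns:
        sessions[conn_key(rec)].append(rec)
    return sessions


def pivot_alert(alert, sessions):
    """Jump from a single alert to the session record(s) it belongs to."""
    return sessions.get(alert_key(alert), [])


def related_sessions(conns, host):
    """Widen scope: every session in which the given host took part."""
    return [r for r in conns if host in (r["id.orig_h"], r["id.resp_h"])]


def enrich(conns, indicators):
    """Match IP indicators from the feed against either end of each session."""
    ip_iocs = {i["value"] for i in indicators if i["type"] in ("ip-dst", "ip-src")}
    return [(r["uid"], ip) for r in conns
            for ip in (r["id.orig_h"], r["id.resp_h"]) if ip in ip_iocs]


def triage(alert, conns, indicators):
    """Alert -> its session -> all sessions with the same peer -> IOC hits,
    plus the total bytes the internal hosts sent to that peer."""
    sessions = index_sessions(conns)
    direct = pivot_alert(alert, sessions)
    peers = {r["id.resp_h"] for r in direct}
    related = [r for h in sorted(peers) for r in related_sessions(conns, h)]
    return {
        "signature": alert["alert"]["signature"],
        "direct_uids": [r["uid"] for r in direct],
        "related_uids": sorted({r["uid"] for r in related}),
        "ioc_hits": sorted(set(enrich(related, indicators))),
        "bytes_out": sum(r["orig_bytes"] for r in related),
    }


if __name__ == "__main__":
    conns = parse_jsonl(CONN_LOG)
    for alert in parse_jsonl(ALERTS):
        print(json.dumps(triage(alert, conns, INDICATORS), indent=2))
```

The point of the pivot is the third record: the alert itself only fires on session C1, but the same internal host later holds a ten-minute session to the same peer and sends 95 kB outbound, which is the kind of context a packet-level IDS verdict alone does not give you. In a real deployment the raw PCAP for those uids is what you would pull next.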

And some commercial options:


