@Madchatthew certainly worth monitoring, but for it to work correctly, the bridge card needs to be running in promiscuous mode, otherwise packets will be discarded by the NIC itself.
Are you looking specifically for security monitoring, or general performance monitoring also? I know that @DownPW has a lot of experience with CrowdStrike but that is essentially application layer rather than machine, so in the sense of the OSI model, it’s layer 7.
I suspect you are looking for layer 1 or 2 which would be physical (1) or data (2). There are numerous security products out there (some really good open source ones also) but I prefer to tap into the network stream at layer 3, so in this example, you’d use a network switch and create a network tap or mirroring port and use another program to read and analyse that traffic.
Taking this route means it’s agentless, and you don’t have to add machines manually. Really depends on what your requirements are.
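As an added example (not part of the original post), the sketch below checks whether a Linux capture interface actually has promiscuous mode set, and models which mirrored frames a sensor NIC would hand up with and without it. It assumes a Linux sensor exposing `/sys/class/net`; the MAC addresses and frames are constructed, and the destination-MAC filter is a simplified model that ignores multicast subscriptions.

```python
import os

IFF_PROMISC = 0x100                       # interface flag bit from <linux/if.h>
BROADCAST = bytes.fromhex("ffffffffffff")

def is_promiscuous(iface, sysfs_root="/sys/class/net"):
    """True if the kernel reports IFF_PROMISC for iface (Linux sysfs)."""
    with open(os.path.join(sysfs_root, iface, "flags")) as fh:
        return bool(int(fh.read().strip(), 16) & IFF_PROMISC)

def mac(raw):
    """Format 6 raw bytes as aa:bb:cc:dd:ee:ff."""
    return ":".join(f"{b:02x}" for b in raw)

def delivered(frames, nic_mac, promisc):
    """(src, dst) pairs the NIC passes to the host under a simplified
    destination-MAC filter: own unicast and broadcast only, unless promisc."""
    seen = []
    for frame in frames:
        dst, src = frame[:6], frame[6:12]
        if promisc or dst == nic_mac or dst == BROADCAST:
            seen.append((mac(src), mac(dst)))
    return seen

def eth(dst, src, payload=b"\x00" * 46):
    """Build a minimal Ethernet II frame with an IPv4 ethertype."""
    return bytes.fromhex(dst) + bytes.fromhex(src) + b"\x08\x00" + payload

# Constructed sample: locally administered MACs, traffic as seen on a mirror port.
SENSOR_MAC = bytes.fromhex("020000000001")
HOST_A, HOST_B, HOST_C = "02000000000a", "02000000000b", "02000000000c"
SAMPLE_FRAMES = [
    eth(HOST_B, HOST_A),           # A -> B, mirrored to the sensor
    eth(HOST_A, HOST_B),           # B -> A, mirrored to the sensor
    eth("ffffffffffff", HOST_A),   # A -> broadcast
    eth("020000000001", HOST_C),   # C -> sensor itself
]

if __name__ == "__main__":
    for promisc in (False, True):
        got = delivered(SAMPLE_FRAMES, SENSOR_MAC, promisc)
        print(f"promisc={promisc}: {len(got)}/{len(SAMPLE_FRAMES)} frames visible")
    for iface in sorted(os.listdir("/sys/class/net")):
        print(iface, "PROMISC" if is_promiscuous(iface) else "filtered")
```

With the flag clear, only the broadcast and the frame addressed to the sensor survive in this model; the mirrored host-to-host traffic is dropped before any analysis tool sees it.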