I recommend installing EDR on the Protected Server
IPS is optional. Many of the firewalls contain it as a built-in module, you can learn its functionality through them.
Kali Linux is the most popular IS distributive software. Especially, among pentesters
Wireshark is a traffic analyzer. It can be useful for both pentest and incident investigation.
https://www.wireshark.org/download.html
Zabbix is software for monitoring various hardware and software parameters. It’s popular in SOCs and not only there
Grafana is software for monitoring various hardware and software parameters. It’s popular in SOCs and not only there
Wazuh is the most popular open-source SIEM and EDR