Network intrusion detection tools

Tools

DejaVu (open source canary and deception framework)

security monitoring, threat discovery

DejaVu is an open source deception framework for deploying and administering decoys (canaries) across a network. Defenders use deception to learn early about an attacker who is already inside the network, since legitimate users have no reason to touch a decoy, and to act on the resulting alerts.

Maltrail (malicious traffic detection system)

intrusion detection, network analysis, security monitoring

Maltrail monitors network traffic for indicators that a system may be compromised or is otherwise misbehaving, such as connections to known malicious domains, IP addresses or URLs. It is well suited for intrusion detection and security monitoring.

Scirius (Suricata rule management)

network security monitoring

Scirius is a web application for managing Suricata rulesets. Both a community version and a paid version are available.

Snort (network intrusion detection system)

security monitoring

Snort is a network intrusion detection system (NIDS) that runs on Linux and other platforms.

Suricata (network IDS, IPS and monitoring)

information gathering, intrusion detection, network analysis, threat discovery

Suricata can be used as part of a Network Security Monitoring (NSM) ecosystem. Besides alerting on signature matches, it can log HTTP requests, log and store TLS certificates, and extract files from flows and store them to disk.
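The NSM outputs named above all land in Suricata's EVE JSON log (one JSON object per line, with event_type values such as http, tls and fileinfo). The script below is an added example, not code from this page or from the Suricata project: it parses constructed sample EVE lines, lists HTTP requests and extracted files, and applies two simple checks to logged TLS certificates (self-signed, and subject CN not matching the SNI). The sample records and the placeholder fingerprint and hash values are constructed for the example; the field names are the standard EVE ones.

```python
"""Summarise Suricata EVE JSON output: HTTP requests, TLS certificates, extracted files.

Added example, not part of the page or the Suricata project. Assumes Suricata is
writing its standard eve.json with the http, tls and fileinfo event types enabled.
"""
import json

# Constructed eve.json lines, not real captures. The last line is deliberately
# truncated to show that a broken line (e.g. from log rotation) is skipped, not fatal.
SAMPLE_EVE = """
{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"http","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","http":{"hostname":"example.com","url":"/index.html","http_method":"GET","http_user_agent":"curl/8.0","status":200}}
{"timestamp":"2024-01-01T10:00:01.000000+0000","event_type":"http","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","http":{"hostname":"example.com","url":"/update.exe","http_method":"GET","http_user_agent":"curl/8.0","status":200}}
{"timestamp":"2024-01-01T10:00:01.100000+0000","event_type":"fileinfo","src_ip":"203.0.113.10","dest_ip":"10.0.0.5","fileinfo":{"filename":"/update.exe","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":4096,"stored":true,"state":"CLOSED"}}
{"timestamp":"2024-01-01T10:00:02.000000+0000","event_type":"tls","src_ip":"10.0.0.5","dest_ip":"198.51.100.7","tls":{"subject":"CN=mail.example.net","issuerdn":"CN=Example CA","fingerprint":"00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33","sni":"mail.example.net","version":"TLS 1.3"}}
{"timestamp":"2024-01-01T10:00:03.000000+0000","event_type":"tls","src_ip":"10.0.0.6","dest_ip":"198.51.100.9","tls":{"subject":"CN=localhost","issuerdn":"CN=localhost","fingerprint":"ff:ee:dd:cc:bb:aa:99:88:77:66:55:44:33:22:11:00:ff:ee:dd:cc","sni":"updates.example.org","version":"TLS 1.2"}}
{"timestamp":"2024-01-01T10:00:04.000000+0000","event_type":"alert","src_ip":"10.0.0.6","dest_ip":"198.51.100.9","alert":{"signature":"constructed test signature","severity":2}}
{"timestamp":"2024-01-01T10:00:05.000000+0000","event_type":"flow","src_ip":"10.0.0.6
"""


def parse_eve(text):
    """Parse EVE JSON lines; return (events, number_of_malformed_lines)."""
    events, bad = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            bad += 1  # keep going: one torn line should not abort the whole run
    return events, bad


def http_requests(events):
    """Flatten http events into (src_ip, method, host, url, status) tuples."""
    out = []
    for ev in events:
        if ev.get("event_type") != "http":
            continue
        h = ev["http"]
        out.append((ev["src_ip"], h.get("http_method"), h.get("hostname"),
                    h.get("url"), h.get("status")))
    return out


def _cn(dn):
    """Pull the CN attribute out of a DN string such as 'CN=host, O=org'."""
    for part in dn.split(","):
        key, _, value = part.strip().partition("=")
        if key == "CN":
            return value
    return None


def tls_certificates(events):
    """One dict per tls event, with two cheap certificate checks attached."""
    out = []
    for ev in events:
        if ev.get("event_type") != "tls":
            continue
        t = ev["tls"]
        subject, issuer, sni = t.get("subject", ""), t.get("issuerdn", ""), t.get("sni")
        flags = []
        if subject and subject == issuer:
            flags.append("self-signed")
        cn = _cn(subject)
        if sni and cn and cn != sni:
            flags.append("sni-mismatch")  # naive: ignores wildcards and SAN entries
        out.append({"dest_ip": ev["dest_ip"], "sni": sni, "subject": subject,
                    "fingerprint": t.get("fingerprint"), "flags": flags})
    return out


def extracted_files(events):
    """Files Suricata carved from flows; 'stored' means the bytes were written to disk."""
    return [
        {"sha256": ev["fileinfo"].get("sha256"), "filename": ev["fileinfo"].get("filename"),
         "size": ev["fileinfo"].get("size"), "stored": ev["fileinfo"].get("stored", False),
         "src_ip": ev["src_ip"], "dest_ip": ev["dest_ip"]}
        for ev in events if ev.get("event_type") == "fileinfo"
    ]


def summarize(text):
    """Parse EVE text and return the three NSM views plus parse statistics."""
    events, bad = parse_eve(text)
    return {"events": len(events), "malformed_lines": bad,
            "http": http_requests(events), "tls": tls_certificates(events),
            "files": extracted_files(events)}


if __name__ == "__main__":
    s = summarize(SAMPLE_EVE)
    print(f"{s['events']} events parsed, {s['malformed_lines']} malformed line(s) skipped")
    for req in s["http"]:
        print("HTTP", *req)
    for cert in s["tls"]:
        print("TLS ", cert["sni"], cert["fingerprint"], cert["flags"] or "ok")
    for f in s["files"]:
        print("FILE", f["sha256"], f["filename"], "stored" if f["stored"] else "not stored")
```

In practice the input would be the live eve.json (or a rotated copy), and the sha256 values from fileinfo are what you feed to a hash lookup, while the flagged TLS fingerprints are candidates for a blocklist or a follow-up rule. The SNI check is deliberately simple; a production version should also consult the certificate's subjectAltName entries.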

Sweet Security (security monitoring on Raspberry Pi and similar)

network security monitoring, security monitoring

This tool automates the installation of several components, such as Bro IDS (now Zeek), Elasticsearch, Logstash and Kibana (the ELK stack), and Critical Stack. Saving time on installation and configuration is its primary purpose.

Zeek (network security monitoring tool)

security monitoring

Zeek (formerly Bro) performs security monitoring by inspecting the network's activity and can flag suspicious data streams. Based on that data it can alert, react, and integrate with other tools.
