Network security monitoring tools

Tools

CHIRON ELK (network analytics and threat detection)

network analysis, network security monitoring, network traffic analysis, threat discovery

CHIRON is a tool that provides network analytics based on the ELK stack, combined with machine learning threat detection using the Aktaion framework. Typical usage is in a home setting, to gain visibility into home internet devices. By leveraging the Aktaion framework, it helps detect threats such as ransomware, phishing, or other malicious traffic.

DejaVu (open source canary and deception framework)

security monitoring, threat discovery

DejaVu is an open source deception framework which can be used to deploy and administer decoys or canaries across a network infrastructure. Defenders can use deception as a technique to learn quickly about possible attackers on the network and take action.

IVRE (reconnaissance for network traffic)

digital forensics, information gathering, intrusion detection, network analysis

IVRE is a framework to perform reconnaissance for network traffic. It leverages other tools to pull in the data and show it in the web interface.

Moloch (network security monitoring)

network security monitoring, security monitoring

Tools like Moloch are a great addition for everyone working with network data. One common use-case is that of network security monitoring (NSM). Here it can help with making all data more accessible and finding anomalies in the data.

Suricata (network IDS, IPS and monitoring)

information gathering, intrusion detection, network analysis, threat discovery

Suricata can be used as part of a Network Security Monitoring (NSM) ecosystem. You could use it to log HTTP requests, log and store TLS certificates, and extract files from flows and store them to disk.

Sweet Security (security monitoring on Raspberry Pi and similar)

network security monitoring, security monitoring

This tool helps with automating the installation of several components like Bro IDS, Elasticsearch, Logstash, Kibana (ELK stack), and Critical Stack. Saving time on installation and configuration is its primary purpose.

Zeek (network security monitoring tool)

security monitoring

Zeek (formerly known as Bro) helps to perform security monitoring by looking into the network's activity. It can find suspicious data streams. Based on the data, it can alert, react, and integrate with other tools.

Missing a favorite tool in this list? Share a tool suggestion and we will review it.