Bro alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

Alternative: OSSEC

OSSEC is an open source host-based intrusion detection system (HIDS). It performs log analysis, integrity checking, rootkit detection, and more.

OSSEC uses a centralized, cross-platform architecture allowing multiple systems to be monitored and managed.

Highlights:
The OSSEC project was acquired by Third Brigade, Inc in June 2008. This included the copyrights owned by Daniel Cid, its project leader. They promised to continue the development, keep it open source, and extend commercial support and training to the community.

Trend Micro acquired Third Brigade in May 2009. This included the OSSEC project. Trend Micro promised to keep the software open source and free.

Project details

Strengths

  • + Commercial support available
  • + Well-known tool

Weaknesses

  • - Commercial support available

OSSEC project page

Alternative: Pytbull (pytbull)

Alternative: Samhain

Host-based intrusion detection system (HIDS) providing file integrity checking and log file monitoring.

Samhain is a host-based intrusion detection system (HIDS). It provides file integrity checking and log file monitoring/analysis. Additional features are rootkit detection, port monitoring, detection of rogue SUID executables, and the detection of hidden processes.

Samhain is typically deployed as a standalone application, although it supports centralized logging. This makes it ideal for environments with multiple systems.

Samhain is open source software and written by Rainer Wichmann.

Project details

Strengths

  • + The source code of this software is available

Samhain project page

Alternative: Scirius

Scirius is a web application for Suricata ruleset management. Both a community version and a paid version are available.

Project details

Scirius is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • network security monitoring

Scirius project page

Alternative: Snort

Snort is a network intrusion detection system (NIDS) that runs on Linux and other platforms.

Besides intrusion detection, Snort can also prevent attacks by taking action on matching traffic.

Project details

Snort is written in C.

Strengths

  • + Supported by a large company

Typical usage

  • security monitoring

Snort project page

Alternative: Suricata

Network threat detection engine that acts as an intrusion detection system (IDS), an inline intrusion prevention system (IPS), and a network security monitoring (NSM) tool.

Project details

Suricata is written in C and Lua.

Strengths

  • + More than 50 contributors
  • + The source code of this software is available

Typical usage

  • information gathering
  • intrusion detection
  • network analysis

Suricata project page

Alternative: Loki

Loki is a security tool for finding so-called indicators of compromise (IOCs). It does this by scanning files and applying pattern matching.

Project details

Loki is written in Python.

Strengths

  • + Commercial support available
  • + More than 10 contributors
  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • digital forensics
  • intrusion detection
  • security monitoring

Loki project page

Alternative: Maltrail

Maltrail monitors network traffic for patterns that might indicate system compromise or other malicious behavior. It is well suited to intrusion detection and monitoring.

Project details

Maltrail is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - More than 10 contributors
  • - More than 2000 GitHub stars

Typical usage

  • intrusion detection
  • network analysis
  • security monitoring

Maltrail project page

Alternative: IVRE

IVRE is a framework for network reconnaissance. It leverages other tools to collect the data and presents it in a web interface.

Project details

IVRE is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - More than 10 contributors
  • - More than 500 GitHub stars

Typical usage

  • digital forensics
  • information gathering
  • intrusion detection
  • network analysis

IVRE project page