CHIRON ELK alternatives

Looking for an alternative tool to replace CHIRON ELK? During the review of CHIRON ELK we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. Suricata (network IDS, IPS and monitoring)
  2. SCUTUM (ARP filtering)
  3. DejaVu (open source canary and deception framework)

These tools are ranked as the best alternatives to CHIRON ELK.

Alternatives (by score)

100

Suricata

Introduction

Suricata is a somewhat younger NIDS, though has a rapid development cycle. It can work with Snort rulesets, yet also has optimized rulesets for usage with Suricata itself. For example, this set is known as Emerging Threats and fully optimized.

Project details

Suricata is written in C, Lua.

Strengths and weaknesses

  • + More than 50 contributors
  • + The source code of this software is available

    Typical usage

    • Information gathering
    • Intrusion detection
    • Network analysis
    • Threat discovery

    Suricata review

    60

    SCUTUM

    Introduction

    The primary goal of this solution is to prevent ARP spoofing by other computers on the local network. It uses a whitelist and blocks all other systems sending possible malicious ARP requests (e.g. with spoofing attack).

    Project details

    SCUTUM is written in Python.

    Strengths and weaknesses

    • + The source code of this software is available
    • - Full name of author is unknown

    Typical usage

    • Firewall management
    • Network traffic filtering

    SCUTUM review

    76

    DejaVu

    Introduction

    DejaVu is an open source deception framework which can be used to deploy and administer decoys or canaries across a network infrastructure. Defenders can use deception as a technique to learn quickly about possible attackers on the network and take actions.

    Project details

    Strengths and weaknesses

    • + The source code of this software is available
    • - No releases on GitHub available

    Typical usage

    • Security monitoring
    • Threat discovery

    DejaVu review

    100

    IVRE

    Introduction

    IVRE is a framework to perform reconnaissance for network traffic. It leverages other tools to pull in the data and show it in the web interface.

    Project details

    IVRE is written in Python.

    Strengths and weaknesses

    • + More than 10 contributors
    • + More than 1000 GitHub stars
    • + The source code of this software is available

      Typical usage

      • Digital forensics
      • Information gathering
      • Intrusion detection
      • Network analysis

      IVRE review

      97

      Moloch

      Introduction

      Moloch comes with a web interface that allows for easy browsing of pcap data (packet capture). It can also search in the data or export it. Besides pcap, the JSON format is supported, so data can be easily consumed in other tools (like Wireshark).

      Project details

      Moloch is written in C, Node.js.

      Strengths and weaknesses

      • + More than 25 contributors
      • + More than 3000 GitHub stars
      • + Many releases available
      • + The source code of this software is available
      • + Supported by a large company

        Typical usage

        • Network security monitoring
        • Security monitoring

        Moloch review

        64

        Sweet Security

        Introduction

        This tool helps with automating the installation of several components like Bro IDS, Elasticsearch, Logstash, Kibana (ELK stack), and Critical Stack. Saving time on installation and configuration is its primary purpose.

        Project details

        Sweet Security is written in Python.

        Strengths and weaknesses

        • + The source code of this software is available

          Typical usage

          • Network security monitoring
          • Security monitoring

          Sweet Security review

          93

          Zeek (Bro)

          Introduction

          Bro helps to perform security monitoring by looking into the network's activity. It can find suspicious data streams. Based on the data, it alert, react, and integrate with other tools.

          Project details

          Zeek is written in C++.

          Strengths and weaknesses

          • + More than 50 contributors
          • + More than 2000 GitHub stars
          • + The source code of this software is available
          • + Well-known tool

            Typical usage

            • Security monitoring

            Zeek review

            100

            MISP

            Introduction

            MISP collects, stores, and distributes security indicators and discovered threats. This makes the platform useful for those involved with security incidents and malware research. Users benefit from having a well-tested platform to structure the vast number of data points available when it comes to security threats. The tooling allows interaction with other tools, like security incident and event management (SIEM) and intrusion detection systems (IDS).

            Project details

            MISP is written in PHP.

            Strengths and weaknesses

            • + More than 50 contributors
            • + The source code of this software is available

              Typical usage

              • Fraud detection
              • Information gathering
              • Threat hunting

              MISP review

              68

              Bleach

              Introduction

              Bleach is a library for Django that can sanitize HTML by escaping and stripping harmful content. It provides a filter for untrusted content and disarms potential unwanted scripts from the input. This may be useful to apply to data that is transmitted via HTML forms or otherwise.

              Project details

              Bleach is written in Python.

              Strengths and weaknesses

              • + More than 25 contributors
              • + More than 1000 GitHub stars
              • + The source code of this software is available

                Typical usage

                • Data sanitizing

                Bleach review

                59

                socat

                Introduction

                Socat is a tool to share data between systems. It can leverage an existing connection, or set up a new channel between two systems. This can be useful to relay traffic, do a quick data transfer, or test other systems. Another option is to use it on the local system to add an encrypted channel.

                Project details

                socat is written in C.

                Strengths and weaknesses

                • + The source code of this software is available
                • + Well-known tool

                  Typical usage

                  • Data encryption
                  • Data transfers

                  socat review

                  64

                  Trawler

                  Introduction

                  Trawler can simplify the work that is related to collecting phishing information like reports. It can process the information and use the information for follow-up steps.

                  Project details

                  Trawler is written in Python.

                  Strengths and weaknesses

                  • + The source code of this software is available
                  • - No releases on GitHub available

                  Typical usage

                  • Data collection
                  • Phishing attacks

                  Trawler review

                  70

                  Xplico

                  Introduction

                  With Xplico analysis can be performed on captured internet traffic. The data stored in a pcap file can then be displayed and the related protocol data can be extracted from the capture file. This may include emails, HTTP sessions, VoIP calls, or anything that can be recognized and stored.

                  Project details

                  78

                  Intrigue Core

                  Introduction

                  Intrigue Core provides a framework to measure the attack surface of an environment. This includes discovering infrastructure and applications, performing security research, and doing vulnerability discovery.

                  Intrigue also allows enriching available data and perform OSINT research (open source intelligence). The related scans include DNS subdomain brute-forcing, email harvesting, IP geolocation, port scanning, and using public search engines like Censys, Shodan, and Bing.

                  Project details

                  Intrigue Core is written in Ruby.

                  Strengths and weaknesses

                  • + More than 500 GitHub stars
                  • + The source code of this software is available

                    Typical usage

                    • Asset discovery
                    • Attack surface measurement
                    • Intelligence gathering
                    • OSINT research
                    • Penetration testing
                    • Security assessment

                    Intrigue Core review

                    64

                    MalPipe

                    Introduction

                    MalPipe is a modular malware and indicator collection and processing framework. It is designed to pull information about malware, domains, URLs, and IP addresses from multiple feeds. Finally, it will enrich the collected data and export the results.

                    Project details

                    MalPipe is written in Python.

                    Strengths and weaknesses

                    • + The source code of this software is available
                    • - No releases on GitHub available

                    Typical usage

                    • Data enrichment
                    • Data processing
                    • Intrusion detection
                    • Malware analysis
                    • Malware detection

                    MalPipe review

                    Some relevant tool missing as an alternative to CHIRON ELK? Please contact us with your suggestion.