HELK alternatives

Looking for an alternative tool to replace HELK? During the review of HELK we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. rastrea2r (threat hunting for IOCs)
  2. MISP (Malware Information Sharing Platform)
  3. sqhunter (threat hunting)

These tools are ranked as the best alternatives to HELK.

Alternatives (by score)

Score: 64

rastrea2r

Introduction

Rastrea2r is a threat hunting utility for indicators of compromise (IOC). It is named after the Spanish word rastreador, which means hunter. This multi-platform open source tool helps incident responders and SOC analysts to triage suspected systems. The hunt for IOCs can be achieved in just a matter of a few minutes.

Project details

Score: 100

MISP

Introduction

MISP collects, stores, and distributes security indicators and discovered threats. This makes the platform useful for those involved with security incidents and malware research. Users benefit from having a well-tested platform to structure the vast number of data points available when it comes to security threats. The tooling allows interaction with other tools, like security incident and event management (SIEM) and intrusion detection systems (IDS).

Project details

MISP is written in PHP.

Strengths and weaknesses

  • + More than 50 contributors
  • + The source code of this software is available

Typical usage

  • Fraud detection
  • Information gathering
  • Threat hunting


Score: 64

sqhunter

Introduction

Sqhunter is a security tool to find known and unknown threats within your network. The goal is to find possible adversaries within your network by doing specific queries. The tool uses data from osquery, Salt Open, and the Cymon API.

Project details

sqhunter is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Security monitoring
  • Threat discovery
  • Threat hunting


Score: 100

GRR Rapid Response

Introduction

The goal of the GRR tooling is to support digital forensics and investigations. By using a fast and scalable model, analysts can quickly perform their analysis. One of the main features is the ability to search for particular information or details. This process is called hunting.

Project details

GRR Rapid Response is written in Python.

Strengths and weaknesses

  • + More than 25 contributors
  • + More than 3000 GitHub stars
  • + The source code of this software is available
  • + Supported by a large company

Typical usage

  • Digital forensics
  • Intrusion detection
  • Threat hunting


Score: 100

Suricata

Introduction

Suricata is a somewhat younger NIDS, but it has a rapid development cycle. It can work with Snort rulesets, yet also has rulesets optimized for use with Suricata itself. One such set is known as Emerging Threats and is fully optimized for Suricata.

Project details

Suricata is written in C and Lua.

Strengths and weaknesses

  • + More than 50 contributors
  • + The source code of this software is available

Typical usage

  • Information gathering
  • Intrusion detection
  • Network analysis
  • Threat discovery


Score: 64

XRay

Introduction

XRay is a security tool for reconnaissance, mapping, and OSINT gathering from public networks.

Project details

XRay is written in Golang.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Information gathering
  • Reconnaissance


Is a relevant tool missing as an alternative to HELK? Please contact us with your suggestion.