Moloch alternatives

Looking for an alternative tool to replace Moloch? During the review of Moloch we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. Zeek (network security monitoring tool)
  2. CHIRON ELK (network analytics and threat detection)
  3. DejaVu (open source canary and deception framework)

These tools are ranked as the best alternatives to Moloch.

Alternatives (by score)

100

Zeek (Bro)

Introduction

Bro helps to perform security monitoring by looking into the network's activity. It can find suspicious data streams. Based on the data, it alert, react, and integrate with other tools.

Project details

Zeek is written in C++.

Strengths and weaknesses

  • + More than 50 contributors
  • + More than 2000 GitHub stars
  • + The source code of this software is available
  • + Well-known tool

    Typical usage

    • Security monitoring

    Zeek review

    64

    CHIRON ELK

    Introduction

    CHIRON is a tool to provide network analytics based on the ELK stack. It is combined with Machine Learning threat detection using the Aktaion framework. Typical usage of the tool is home use and get the visibility of home internet devices. By leveraging the Aktaion framework, it helps with detection threats like ransomware, phishing, or other malicious traffic.

    Project details

    CHIRON ELK is written in Python.

    Strengths and weaknesses

    • + The source code of this software is available
    • - No releases on GitHub available

    Typical usage

    • Network analysis
    • Network security monitoring
    • Network traffic analysis
    • Threat discovery

    CHIRON ELK review

    84

    DejaVu

    Introduction

    DejaVu is an open source deception framework which can be used to deploy and administer decoys or canaries across a network infrastructure. Defenders can use deception as a technique to learn quickly about possible attackers on the network and take actions.

    Project details

    Strengths and weaknesses

    • + The source code of this software is available
    • - No releases on GitHub available

    Typical usage

    • Security monitoring
    • Threat discovery

    DejaVu review

    100

    IVRE

    Introduction

    IVRE is a framework to perform reconnaissance for network traffic. It leverages other tools to pull in the data and show it in the web interface.

    Project details

    IVRE is written in Python.

    Strengths and weaknesses

    • + More than 10 contributors
    • + More than 1000 GitHub stars
    • + The source code of this software is available

      Typical usage

      • Digital forensics
      • Information gathering
      • Intrusion detection
      • Network analysis

      IVRE review

      100

      Suricata

      Introduction

      Suricata is a somewhat younger NIDS, though has a rapid development cycle. It can work with Snort rulesets, yet also has optimized rulesets for usage with Suricata itself. For example, this set is known as Emerging Threats and fully optimized.

      Project details

      Suricata is written in C, Lua.

      Strengths and weaknesses

      • + More than 50 contributors
      • + The source code of this software is available

        Typical usage

        • Information gathering
        • Intrusion detection
        • Network analysis
        • Threat discovery

        Suricata review

        64

        Sweet Security

        Introduction

        This tool helps with automating the installation of several components like Bro IDS, Elasticsearch, Logstash, Kibana (ELK stack), and Critical Stack. Saving time on installation and configuration is its primary purpose.

        Project details

        Sweet Security is written in Python.

        Strengths and weaknesses

        • + The source code of this software is available

          Typical usage

          • Network security monitoring
          • Security monitoring

          Sweet Security review

          Some relevant tool missing as an alternative to Moloch? Please contact us with your suggestion.