Samhain alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)


Alternative: OSSEC

OSSEC is an open source host-based intrusion detection system (HIDS). It performs log analysis, integrity checking, rootkit detection, and more.

OSSEC uses a centralized, cross-platform architecture allowing multiple systems to be monitored and managed.

Highlights:
The OSSEC project was acquired by Third Brigade, Inc in June 2008. This included the copyrights owned by Daniel Cid, its project leader. They promised to continue the development, keep it open source, and extend commercial support and training to the community.

Trend Micro acquired Third Brigade in May 2009. This included the OSSEC project. Trend Micro promised to keep the software open source and free.

Project details

Strengths

  • + Commercial support available
  • + Well-known tool

Weaknesses

  • - Commercial support available

OSSEC project page


Alternative: Bro

Bro is a network security monitoring (NSM) tool. Besides monitoring, it can also play an active role in forensics and incident response.

Project details

Bro is written in C++.

Strengths

  • + More than 25 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Typical usage

  • security monitoring

Bro project page


Alternative: Pytbull (pytbull)


Alternative: Snort

Snort is a network intrusion detection system (NIDS) that runs on Linux and other platforms.

Besides intrusion detection, Snort has the capabilities to prevent attacks by taking actions.

Project details

Snort is written in C.

Strengths

  • + Supported by a large company

Typical usage

  • security monitoring

Snort project page


Alternative: Suricata

Suricata is a network threat detection engine that acts as an intrusion detection system (IDS), an inline intrusion prevention system (IPS), and a network security monitoring (NSM) tool.

Project details

Suricata is written in C, Lua.

Strengths

  • + More than 50 contributors
  • + The source code of this software is available

Typical usage

  • information gathering
  • intrusion detection
  • network analysis

Suricata project page


Alternative: Loki

Loki is a security tool that finds so-called indicators of compromise (IOC). It does this by scanning files and applying pattern matching to their contents.

Project details

Loki is written in Python.

Strengths

  • + Commercial support available
  • + More than 10 contributors
  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • digital forensics
  • intrusion detection
  • security monitoring

Loki project page


Alternative: Maltrail

Maltrail monitors for traffic on the network that might indicate system compromise or other bad behavior. It is great for intrusion detection and monitoring.

Project details

Maltrail is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - More than 10 contributors
  • - More than 2000 GitHub stars

Typical usage

  • intrusion detection
  • network analysis
  • security monitoring

Maltrail project page