Snort alternatives

Looking for an alternative tool to replace Snort? During the review of Snort we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. Suricata (network IDS, IPS and monitoring)
  2. Zeek (network security monitoring tool)
  3. Scirius (Suricata rule management)

These tools are ranked as the best alternatives to Snort.

Alternatives (by score)

100

Suricata

Introduction

Suricata is a somewhat younger NIDS, though has a rapid development cycle. It can work with Snort rulesets, yet also has optimized rulesets for usage with Suricata itself. For example, this set is known as Emerging Threats and fully optimized.

Project details

Suricata is written in C, Lua.

Strengths and weaknesses

  • + More than 50 contributors
  • + The source code of this software is available

    Typical usage

    • Information gathering
    • Intrusion detection
    • Network analysis
    • Threat discovery

    Suricata review

    93

    Zeek (Bro)

    Introduction

    Bro helps to perform security monitoring by looking into the network's activity. It can find suspicious data streams. Based on the data, it alert, react, and integrate with other tools.

    Project details

    Zeek is written in C++.

    Strengths and weaknesses

    • + More than 50 contributors
    • + More than 2000 GitHub stars
    • + The source code of this software is available
    • + Well-known tool

      Typical usage

      • Security monitoring

      Zeek review

      60

      Scirius

      Introduction

      Scirius is a web application to do Suricata ruleset management. There is both a community version as paid version available.

      Project details

      Scirius is written in Python.

      Strengths and weaknesses

      • + The source code of this software is available

        Typical usage

        • Network security monitoring

        Scirius review

        85

        Maltrail

        Introduction

        Maltrail monitors for traffic on the network that might indicate system compromise or other bad behavior. It is great for intrusion detection and monitoring.

        Project details

        Maltrail is written in Python.

        Strengths and weaknesses

        • + More than 10 contributors
        • + More than 2000 GitHub stars
        • + The source code of this software is available

          Typical usage

          • Intrusion detection
          • Network analysis
          • Security monitoring

          Maltrail review

          64

          Sweet Security

          Introduction

          This tool helps with automating the installation of several components like Bro IDS, Elasticsearch, Logstash, Kibana (ELK stack), and Critical Stack. Saving time on installation and configuration is its primary purpose.

          Project details

          Sweet Security is written in Python.

          Strengths and weaknesses

          • + The source code of this software is available

            Typical usage

            • Network security monitoring
            • Security monitoring

            Sweet Security review

            76

            DejaVu

            Introduction

            DejaVu is an open source deception framework which can be used to deploy and administer decoys or canaries across a network infrastructure. Defenders can use deception as a technique to learn quickly about possible attackers on the network and take actions.

            Project details

            Strengths and weaknesses

            • + The source code of this software is available
            • - No releases on GitHub available

            Typical usage

            • Security monitoring
            • Threat discovery

            DejaVu review

            60

            Chiron

            Introduction

            Chiron is a security assessment framework for IPv6. It provides several modules including an IPv6 scanner, IPv6 Local Link, IPv4-to-IPv6 proxy, IPv6 attack module, and IPv6 proxy. These modules help to perform an assessment, like a penetration test.

            The tool uses IPv6 extension headers to create a headers chain. This may allow evading security devices like IDS, IPS, and firewalls. Due to the flexibility of the framework, the tool can also be used to perform fuzzing of the IPv6 stack of a device.

            Project details

            Chiron is written in Python.

            Strengths and weaknesses

            • + The source code of this software is available
            • - No releases on GitHub available

            Typical usage

            • Network analysis
            • Network scanning
            • Network security monitoring

            Chiron review

            59

            OSSEC

            Introduction

            OSSEC uses a centralized, cross-platform architecture allowing multiple systems to be monitored and managed.

            Highlights:
            The OSSEC project was acquired by Third Brigade, Inc in June 2008. This included the copyrights owned by Daniel Cid, its project leader. They promised to continue the development, keep it open source, and extend commercial support and training to the community.

            Trend Micro acquired Third Brigade in May 2009. This included the OSSEC project. Trend Micro promised to keep the software open source and free.

            Project details

            Strengths and weaknesses

            • + Commercial support available
            • + Well-known tool
            • - Commercial support available

            OSSEC review

            56

            Pytbull (pytbull)

            Introduction

            None

            Project details

            52

            Samhain

            Introduction

            Samhain is a host-based intrusion detection system (HIDS). It provides file integrity checking and log file monitoring/analysis. Additional features are rootkit detection, port monitoring, detection of rogue SUID executables, and the detection of hidden processes.

            Samhain is typically deployed as a standalone application, although it supports centralized logging. This makes it ideal for environments with multiple systems.

            Samhain is open source software and written by Rainer Wichmann.

            Project details

            Strengths and weaknesses

            • + The source code of this software is available

              Samhain review

              93

              Acra

              Introduction

              Acra is a database encryption proxy that provides encryption and data leakage prevention to applications. It provides selective encryption, access control, database and data leak prevention, and even intrusion detection capabilities. It is focused on developers and supports most popular programming languages such as Go, PHP, Python, Ruby.

              Project details

              Acra is written in Golang, Node.js, Objective-C, PHP, Python, Ruby.

              Strengths and weaknesses

              • + Commercial support available
              • + The source code of this software is available

                Typical usage

                • Data encryption
                • Data leak prevention
                • Data security
                • Vulnerability mitigation

                Acra review

                100

                GRR Rapid Response

                Introduction

                The goal of the GRR tooling is to support digital forensics and investigations. By using a fast and scalable model, analysts can quickly perform their analysis. One of the main features is the ability to search for particular information or details. This process is called hunting.

                Project details

                GRR Rapid Response is written in Python.

                Strengths and weaknesses

                • + More than 25 contributors
                • + More than 3000 GitHub stars
                • + The source code of this software is available
                • + Supported by a large company

                  Typical usage

                  • Digital forensics
                  • Intrusion detection
                  • Threat hunting

                  GRR Rapid Response review

                  93

                  Loki

                  Introduction

                  Loki is security tool to find so-called indicators of compromise (IOC). It does this by scanning files and then uses pattern matching.

                  Project details

                  Loki is written in Python.

                  Strengths and weaknesses

                  • + More than 10 contributors
                  • + Commercial support available
                  • + More than 500 GitHub stars
                  • + The source code of this software is available

                    Typical usage

                    • Digital forensics
                    • Intrusion detection
                    • Security monitoring

                    Loki review

                    Some relevant tool missing as an alternative to Snort? Please contact us with your suggestion.