Suricata alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)


Alternative: Bro

Bro is a network security monitoring (NSM) tool and helps with monitoring network traffic. It can also play an active role in performing forensics and incident response.

Project details

Bro is written in C++.

Strengths

  • + More than 25 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Typical usage

  • security monitoring

Bro project page


Alternative: OSSEC

OSSEC is an open source host-based intrusion detection system (HIDS). It performs log analysis, integrity checking, rootkit detection, and more.

OSSEC uses a centralized, cross-platform architecture allowing multiple systems to be monitored and managed.

Highlights:
The OSSEC project was acquired by Third Brigade, Inc. in June 2008. This included the copyrights owned by Daniel Cid, its project leader. They promised to continue the development, keep it open source, and extend commercial support and training to the community.

Trend Micro acquired Third Brigade in May 2009. This included the OSSEC project. Trend Micro promised to keep the software open source and free.

Project details

Strengths

  • + Commercial support available
  • + Well-known tool

Weaknesses

  • - Commercial support available

OSSEC project page


Alternative: Pytbull (pytbull)


Alternative: Samhain

Host-based intrusion detection system (HIDS) providing file integrity checking and log file monitoring.

Samhain is a host-based intrusion detection system (HIDS). It provides file integrity checking and log file monitoring/analysis. Additional features are rootkit detection, port monitoring, detection of rogue SUID executables, and the detection of hidden processes.

Samhain is typically deployed as a standalone application, although it supports centralized logging. This makes it ideal for environments with multiple systems.

Samhain is open source software and written by Rainer Wichmann.

Project details

Strengths

  • + The source code of this software is available

Samhain project page


Alternative: Scirius

Scirius is a web application for Suricata ruleset management. Both a community version and a paid version are available.

Project details

Scirius is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • network security monitoring

Scirius project page


Alternative: Snort

Snort is a network intrusion detection system (NIDS) that runs on Linux and other platforms.

Besides intrusion detection, Snort can also prevent attacks by taking action on matching traffic.

Project details

Snort is written in C.

Strengths

  • + Supported by a large company

Typical usage

  • security monitoring

Snort project page


Alternative: Sweet Security

Sweet Security is a set of scripts to set up and install Bro IDS, Elasticsearch, Logstash, Kibana, and Critical Stack on any device.

Project details

Sweet Security is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • network security monitoring
  • security monitoring

Sweet Security project page