OSSEC

OSSEC is an open-source host-based intrusion detection system written in C. In OSSEC, a centralized OSSEC manager stores events sent by the OSSEC agent deployed on individual hosts, and captures system logs collected via […]

Snort

Snort is a network-based intrusion detection and prevention system written in C. Snort sniffs network packets on the wire, analyzes packet contents against known attack signatures, and logs any suspicious activities and potential intrusion […]

Bro

Bro is an open-source network monitoring and intrusion detection system written in C++. Bro collects live packets via the libpcap interface, analyzes packet contents, generates events from the analysis, and performs various actions based […]

fail2ban

fail2ban is Python-based intrusion prevention software that can protect various services on Linux. It works by analyzing system and application log files (e.g., /var/log/auth.log, /var/log/apache/error_log) and taking actions if any abnormal activities are […]

Suricata

Suricata is an open-source intrusion detection and prevention system (IDS/IPS) developed by the Open Information Security Foundation (OISF). It features a modularized and multi-threaded architecture consisting of packet capture, decode, stream assembly, detection, and […]