SNORT-GUI VS Malcolm

What are some alternatives?

pyp0f - p0f v3 with impersonation spoofing, written in Python - Accurately guess the OS of a packet with passive fingerprinting.

securityonion - Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case management. It also includes other tools such as Playbook, osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.

dgad - DGA Detective - Hunt domains generated by Domain Generation Algorithms to identify malware traffic

IVRE - Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more! Uses Nmap, Masscan, Zeek, p0f, etc.

nfstream - NFStream: a Flexible Network Data Analysis Framework.

core - OPNsense GUI, API and systems backend

scapy - Scapy: the Python-based interactive packet manipulation program & library.

py-idstools - idstools: Snort and Suricata Rule and Event Utilities in Python (Including a Rule Update Tool)

nSpector - A tool to take Nmap scans, and store the results in a queryable database.

StratosphereLinuxIPS - Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague.