Top 23 intrusion-detection Open-Source Projects
-
Project mention: Osquery: An sqlite3 virtual table exposing operating system data to SQL | news.ycombinator.com | 2024-02-25
There's at least one open data quality issue for `process_open_sockets` on macOS[1]. It's a few years old however and, if you aren't seeing that casting error, you probably aren't hitting it. But that's a good example of the kind of debt that's been built up over time.
(In terms of general purpose/flexible tooling, I'm not aware of a close replacement for osquery.)
-
Project mention: Looking for a way to remote in to K's of raspberry pi's... | /r/sysadmin | 2023-12-10
Now some things you need to think about:
- cloud init - this will need to be secure, so lock it down hard, anything not needed
- an alternative OS to look at if you have the abilities is https://www.alpinelinux.org/
- also, as these devices are not that powerful, every extra agent / abstraction layer you add impacts performance; need to look at low overhead security: https://www.crowdsec.net/ and https://github.com/fail2ban/fail2ban (if you call fail2ban security)
- using certificates to authenticate ssh login
-
-
I just wanted to tell you about Maltrail (https://github.com/stamparm/maltrail/).
-
OSSEC
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
-
Pi.Alert
WIFI / LAN intruder detector. Checks the devices connected and alerts you about unknown devices. It also warns of the disconnection of "always connected" devices.
When using PiAlert make sure you use the fork https://github.com/jokob-sk/Pi.Alert and not the very outdated original.
-
ipban
Since 2011, IPBan is the world's most trusted, free security software to block hackers and botnets. With both Windows and Linux support, IPBan has your dedicated or cloud server protected. Upgrade to IPBan Pro today and get a discount.
Project mention: Well I'm ready to throw in the towel - public IP to 3389 | /r/sysadmin | 2023-12-07
-
Pi.Alert
💻🔍 WIFI / LAN intruder detector. Scans for devices connected to your network and alerts you if new and unknown devices are found. (by jokob-sk)
-
-
Digital-Forensics-Guide
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
If you're looking to learn on your own, try mikeroyal's digital forensics guide on Github. There are a lot of recommended resources there that'll speed you up. https://github.com/mikeroyal/Digital-Forensics-Guide
-
acra
Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL. (by cossacklabs)
-
Open-Source-Security-Guide
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
-
Yep, and from my experience too (made a tool that monitors network traffic with eBPF [1]) in addition to those issues there is also a sizable latency hit.
-
Project mention: Wazuh Docker Single Node. 500 error after changing admin password | /r/Wazuh | 2023-07-31
Now, based on my reading of https://github.com/wazuh/wazuh-docker/issues/775, this means I should enter the indexer container and run securityadmin after setting the environment variables specified in the docs... I did this. The command completes successfully with no errors.
-
By the way, is there any way to initiate a force scan whenever we want without having to modify the configuration file for the time interval? According to this link "https://github.com/wazuh/wazuh-kibana-app/issues/3878," there is supposedly a button to force a specific agent to perform a scan. However, I'm using version 4.4.5 and I don't have access to that functionality.
-
Intrusion-Detection-System-Using-Machine-Learning
Code for IDS-ML: intrusion detection system development using machine learning algorithms (Decision tree, random forest, extra trees, XGBoost, stacking, k-means, Bayesian optimization..)
-
Pi.Alert
Scans the devices connected to your WIFI / LAN and alerts you on the connection of unknown devices. It also warns if an "always connected" device disconnects. In addition, it is possible to check web services for availability. For this purpose, HTTP status codes and the response time of the service are evaluated. (by leiweibau)
Project mention: Pi.Alert using increasing number of arp-scan processes simultaneously | /r/pihole | 2023-07-05
For those of you who may seek help on this subject, kind leiweibau helped me in this and that conversations. There is a better and actively developed fork of this project in leiweibau's github repo. So you may want to use it.
-
py-idstools
idstools: Snort and Suricata Rule and Event Utilities in Python (Including a Rule Update Tool)
I like this a lot. We have an in-house Snort 2 forwarder that does a similar thing with https://github.com/jasonish/py-idstools and forwards the result directly using HEC. We could use the same code base for dnstap if we wanted.
-
Project mention: wazuh-archive* index not found in Stack Management / Index Patterns. | /r/Wazuh | 2023-05-12
-
MStream
Anomaly Detection on Time-Evolving Streams in Real-time. Detecting intrusions (DoS and DDoS attacks), frauds, fake rating anomalies. (by Stream-AD)
-
Project mention: Help: Dashboard installation failing with "can't read etc/opensearch_dashboards.yml no such file or directory" | /r/Wazuh | 2023-12-06
found something from GitHub discussions; was able to remove a pre-removal-script first:
-
intrusion-detection related posts
- SQLite virtual table to query operating system data via SQL
- Show HN: Natural Language to SQL "Text-to-SQL" API by Dataherald
- Alternative for Pi-Alert
- Fail2Ban – Daemon to ban hosts that cause multiple authentication errors
- Maltrail: Malicious traffic detection system
- Alternative to Endpoint Protector?
- Firewall rules beyond "deny incoming, enable only the ports that you need"
-
www.saashub.com | 29 Mar 2024
Index
What are some of the best open-source intrusion-detection projects? This list will help you:
# | Project | Stars
---|---|---
1 | OSQuery | 21,261 |
2 | Fail2Ban | 10,198 |
3 | maltrail | 5,696 |
4 | OSSEC | 4,239 |
5 | Pi.Alert | 1,848 |
6 | ipban | 1,483 |
7 | Pi.Alert | 1,358 |
8 | Digital-Forensics-Guide | 1,304 |
9 | acra | 1,285 |
10 | Open-Source-Security-Guide | 832 |
11 | picosnitch | 566 |
12 | wazuh-docker | 552 |
13 | wazuh-dashboard-plugins | 376 |
14 | psad | 373 |
15 | Intrusion-Detection-System-Using-Machine-Learning | 310 |
16 | Pi.Alert | 271 |
17 | py-idstools | 268 |
18 | osquery-extensions | 258 |
19 | wazuh-ansible | 246 |
20 | wazuh-documentation | 159 |
21 | weakforced | 117 |
22 | MStream | 102 |
23 | wazuh-packages | 85 |