intrusion-detection

Top 23 intrusion-detection Open-Source Projects

  • OSQuery

    SQL powered operating system instrumentation, monitoring, and analytics.

    Project mention: Osquery: An sqlite3 virtual table exposing operating system data to SQL | news.ycombinator.com | 2024-02-25

    There's at least one open data quality issue for `process_open_sockets` on macOS[1]. It's a few years old however and, if you aren't seeing that casting error, you probably aren't hitting it. But that's a good example of the kind of debt that's been built up over time.

    (In terms of general purpose/flexible tooling, I'm not aware of a close replacement for osquery.)

    [1]: https://github.com/osquery/osquery/issues/6319

  • Fail2Ban

    Daemon to ban hosts that cause multiple authentication errors

    Project mention: Looking for a way to remote in to K's of raspberry pi's... | /r/sysadmin | 2023-12-10

    Now some things you need to think about:
    - cloud-init - this will need to be secure, so lock it down hard and drop anything not needed
    - an alternative OS to look at, if you have the abilities, is https://www.alpinelinux.org/
    - also, as these devices are not that powerful, every extra agent / abstraction layer you add impacts performance; need to look at low-overhead security: https://www.crowdsec.net/ and https://github.com/fail2ban/fail2ban (if you call fail2ban security)
    - using certificates to authenticate ssh login
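
    The ban logic that Fail2Ban's one-line description refers to (count authentication failures per source inside a window, ban once a threshold is crossed, lift the ban after a timeout) is small enough to show end to end. The block below is an added example written for this page, not fail2ban's own code: it borrows fail2ban's jail option names `maxretry`, `findtime` and `bantime`, the sshd log lines are constructed, and the "ban" is recorded in memory rather than pushed to a firewall.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines for the example (not real traffic, not fail2ban test data).
# 203.0.113.7 fails five times in 20 seconds and keeps going; 198.51.100.3 fails
# twice, 30 minutes apart; one successful key login is mixed in as noise.
SAMPLE_AUTH_LOG = """\
Dec 10 10:00:01 pi01 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Dec 10 10:00:05 pi01 sshd[813]: Failed password for root from 203.0.113.7 port 51240 ssh2
Dec 10 10:00:09 pi01 sshd[814]: Failed password for invalid user test from 203.0.113.7 port 51250 ssh2
Dec 10 10:00:14 pi01 sshd[815]: Failed password for root from 203.0.113.7 port 51260 ssh2
Dec 10 10:00:20 pi01 sshd[816]: Failed password for root from 203.0.113.7 port 51270 ssh2
Dec 10 10:00:25 pi01 sshd[817]: Failed password for root from 203.0.113.7 port 51280 ssh2
Dec 10 10:01:00 pi01 sshd[820]: Failed password for root from 198.51.100.3 port 40000 ssh2
Dec 10 10:01:05 pi01 sshd[821]: Accepted publickey for pi from 192.0.2.10 port 50000 ssh2: ED25519 SHA256:abc
Dec 10 10:31:00 pi01 sshd[830]: Failed password for root from 198.51.100.3 port 40001 ssh2
"""

# Anchored at both ends: the source address is taken from the trailing
# "from <ip> port <n> ssh2", so a user name that itself contains "from ..."
# cannot make us ban the wrong address.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.+? from (?P<ip>[0-9a-fA-F.:]+) port \d+ ssh2$"
)


def parse_ts(ts, year=2023):
    """Syslog timestamps carry no year; the caller supplies one (2023 assumed here)."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


class Jail:
    """Sliding-window failure counter with timed bans (option names mirror fail2ban's)."""

    def __init__(self, maxretry=5, findtime=timedelta(minutes=10), bantime=timedelta(hours=1)):
        self.maxretry = maxretry
        self.findtime = findtime
        self.bantime = bantime
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.banned = {}                    # ip -> ban expiry
        self.events = []                    # ("ban" | "unban", ip, when) in log order

    def _expire(self, now):
        for ip, until in list(self.banned.items()):
            if until <= now:
                del self.banned[ip]
                self.events.append(("unban", ip, until))

    def observe(self, line):
        """Feed one log line; return the IP if this line triggered a ban, else None."""
        m = FAILED_RE.match(line)
        if not m:
            return None
        now, ip = parse_ts(m["ts"]), m["ip"]
        self._expire(now)
        if ip in self.banned:
            return None  # the real daemon would have dropped this at the firewall
        window = self.failures[ip]
        window.append(now)
        while window and now - window[0] > self.findtime:
            window.popleft()  # forget failures older than findtime
        if len(window) >= self.maxretry:
            self.banned[ip] = now + self.bantime
            window.clear()
            self.events.append(("ban", ip, now))
            return ip
        return None


def run_jail(log_text, **options):
    """Replay a whole log through one Jail and return it for inspection."""
    jail = Jail(**options)
    for line in log_text.splitlines():
        jail.observe(line)
    return jail


if __name__ == "__main__":
    j = run_jail(SAMPLE_AUTH_LOG)
    for kind, ip, when in j.events:
        print(f"{when:%b %d %H:%M:%S} {kind:5} {ip}")
```

    Two things the replay makes visible that the description does not: the sixth failure from 203.0.113.7 is ignored because the host is already banned, and 198.51.100.3 is never banned because its two failures do not fit inside one findtime window. Before deploying any such filter, match the regex against the exact sshd format on the target (the `invalid user` prefix and the `ssh2` suffix vary across versions), and make sure the ban action cannot lock out the address you manage from.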

  • maltrail

    Malicious traffic detection system

    Project mention: Maltrail: Malicious traffic detection system | /r/selfhosted | 2023-07-05

    I just wanted to tell you about Maltrail (https://github.com/stamparm/maltrail/).

  • OSSEC

    OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

    Project mention: Local ignore rule on manager not working | /r/Wazuh | 2023-05-04

  • Pi.Alert

    WIFI / LAN intruder detector. Checks the devices connected and alerts you to unknown devices. It also warns of the disconnection of "always connected" devices.

    Project mention: Alternative for Pi-Alert | /r/selfhosted | 2023-12-08

    When using PiAlert make sure you use the fork https://github.com/jokob-sk/Pi.Alert and not the very outdated original.
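
    The detection that all three Pi.Alert forks on this list perform is a set difference: parse one ARP sweep of the segment, compare the MACs seen against an inventory, and report unknown devices plus "always connected" devices that failed to answer. The block below is an added example for this page, not Pi.Alert's own code; the inventory and the arp-scan output are constructed, and the `always_on` flag and the report keys are names chosen for the example.

```python
import ipaddress
import re

# Constructed inventory keyed by MAC (example data, not a Pi.Alert database).
KNOWN_DEVICES = {
    "00:11:22:33:44:55": {"name": "router", "always_on": True},
    "b8:27:eb:11:22:33": {"name": "pihole", "always_on": True},
    "dc:a6:32:44:55:66": {"name": "nas", "always_on": True},
    "3c:22:fb:77:88:99": {"name": "laptop", "always_on": False},
}

# Constructed text in the layout arp-scan prints: header lines, one
# "IP<TAB>MAC<TAB>vendor" line per responding host, then a summary.
SAMPLE_ARP_SCAN = """\
Interface: eth0, type: EN10MB, MAC: b8:27:eb:11:22:33, IPv4: 192.168.1.2
Starting arp-scan with 256 hosts
192.168.1.1\t00:11:22:33:44:55\tRouterVendor
192.168.1.2\tb8:27:eb:11:22:33\tRaspberry Pi Foundation
192.168.1.20\t3c:22:fb:77:88:99\tApple, Inc.
192.168.1.77\t7c:d9:5c:aa:bb:cc\t(Unknown)

4 packets received by filter, 0 packets dropped by kernel
Ending arp-scan: 256 hosts scanned in 2.1 seconds
"""

# A later constructed scan: the NAS is back, the laptop got a new lease, the stranger is gone.
SAMPLE_ARP_SCAN_2 = """\
192.168.1.1\t00:11:22:33:44:55\tRouterVendor
192.168.1.2\tb8:27:eb:11:22:33\tRaspberry Pi Foundation
192.168.1.5\tdc:a6:32:44:55:66\tRaspberry Pi Foundation
192.168.1.21\t3c:22:fb:77:88:99\tApple, Inc.
"""

HOST_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})\s*(?P<vendor>.*)$"
)


def parse_arp_scan(text):
    """Return {mac: (ip, vendor)} for every host line; header and summary lines are skipped."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            hosts[m["mac"].lower()] = (m["ip"], m["vendor"].strip())
    return hosts


def diff_scan(scan_text, known, previous=None):
    """Compare one scan against the inventory and, optionally, the previous scan's result."""
    seen = parse_arp_scan(scan_text)
    previous = previous or {}
    report = {"new": [], "missing_always_on": [], "ip_changed": [], "present": []}
    for mac, (ip, vendor) in sorted(seen.items(), key=lambda kv: ipaddress.ip_address(kv[1][0])):
        if mac not in known:
            report["new"].append((ip, mac, vendor))   # the "unknown device" alert
            continue
        report["present"].append(known[mac]["name"])
        if mac in previous and previous[mac][0] != ip:
            report["ip_changed"].append((known[mac]["name"], previous[mac][0], ip))
    for mac, info in known.items():
        if info["always_on"] and mac not in seen:
            report["missing_always_on"].append(info["name"])  # the "disconnected" alert
    return report


if __name__ == "__main__":
    first = diff_scan(SAMPLE_ARP_SCAN, KNOWN_DEVICES)
    second = diff_scan(SAMPLE_ARP_SCAN_2, KNOWN_DEVICES, previous=parse_arp_scan(SAMPLE_ARP_SCAN))
    for label, report in (("scan 1", first), ("scan 2", second)):
        print(label, {k: v for k, v in report.items() if k != "present"})
```

    Caveats that apply to the real tool as much as to this example: arp-scan needs raw-socket privileges and only sees hosts on the same layer-2 segment; phones with randomized (private) MAC addresses show up as a new device on every scan unless the inventory is keyed on something else; and a device that is merely asleep and not answering ARP is indistinguishable from one that has left, so the "always connected" alert needs a grace period of a few missed scans before it pages anyone.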

  • ipban

    Since 2011, IPBan is the world's most trusted, free security software to block hackers and botnets. With both Windows and Linux support, IPBan has your dedicated or cloud server protected. Upgrade to IPBan Pro today and get a discount.

    Project mention: Well I'm ready to throw in the towel - public IP to 3389 | /r/sysadmin | 2023-12-07

  • Pi.Alert

    💻🔍 WIFI / LAN intruder detector. Scans for devices connected to your network and alerts you if new and unknown devices are found. (by jokob-sk)

    Project mention: Alternative for Pi-Alert | /r/selfhosted | 2023-12-08

    When using PiAlert make sure you use the fork https://github.com/jokob-sk/Pi.Alert and not the very outdated original.

  • Digital-Forensics-Guide

    Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

    Project mention: Most used DFIR tools | /r/cybersecurity | 2023-12-10

    If you're looking to learn on your own, try mikeroyal's digital forensics guide on Github. There's a lot of recommended resources there that'll speed you up. https://github.com/mikeroyal/Digital-Forensics-Guide

  • acra

    Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL. (by cossacklabs)

    Project mention: acra: NEW Data - star count:1212.0 | /r/algoprojects | 2023-09-08

  • Open-Source-Security-Guide

    Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

  • picosnitch

    Monitor Network Traffic Per Executable, Beautifully Visualized

    Project mention: Linux runtime security agent powered by eBPF | news.ycombinator.com | 2023-10-19

    Yep, and from my experience too (made a tool that monitors network traffic with eBPF [1]) in addition to those issues there is also a sizable latency hit.

    [1] https://github.com/elesiuta/picosnitch

  • wazuh-docker

    Wazuh - Docker containers

    Project mention: Wazuh Docker Single Node. 500 error after changing admin password | /r/Wazuh | 2023-07-31

    Now, based on my reading of https://github.com/wazuh/wazuh-docker/issues/775, this means I should enter the indexer container and run securityadmin after setting the environment variables specified in the docs... I did this. The command completes successfully with no errors.

  • wazuh-dashboard-plugins

    Plugins for Wazuh Dashboard

    Project mention: SCA module | /r/Wazuh | 2023-08-11

    By the way, is there any way to initiate a force scan whenever we want without having to modify the configuration file for the time interval? According to this link "https://github.com/wazuh/wazuh-kibana-app/issues/3878," there is supposedly a button to force a specific agent to perform a scan. However, I'm using version 4.4.5 and I don't have access to that functionality.

  • psad

    psad: Intrusion Detection and Log Analysis with iptables
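
    psad works from the kernel's iptables LOG lines rather than from a packet capture: a LOG rule writes one key=value line per dropped packet to syslog, and the daemon groups those lines by source and scores fan-out across destination ports. The block below is an added example for this page, not psad's code; the log lines are constructed in the layout the iptables LOG target writes (with a `--log-prefix "IPT-DROP: "` rule assumed), and the window and port threshold are assumptions for the example, not psad's danger levels.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# iptables LOG output: syslog header, optional kernel uptime stamp, optional
# log prefix, then space-separated KEY=VALUE fields with bare flag tokens
# (DF, SYN, ACK, ...) mixed in.
IPT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: "
    r"(?:\[\s*\d+\.\d+\] )?(?P<prefix>\S+:? )?(?P<fields>IN=.*)$"
)


def parse_ts(ts, year=2023):
    """Syslog timestamps carry no year; the caller supplies one (2023 assumed here)."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def parse_iptables_line(line):
    """Split one LOG line into {"ts", "prefix", "fields", "flags"}; None if it is not one."""
    m = IPT_RE.match(line)
    if not m:
        return None
    fields, flags = {}, set()
    for tok in m["fields"].split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val
        else:
            flags.add(tok)  # SYN, ACK, DF ... are printed without a value
    return {"ts": parse_ts(m["ts"]), "prefix": (m["prefix"] or "").strip(),
            "fields": fields, "flags": flags}


class ScanDetector:
    """Alert on a source that sends TCP SYNs to many distinct ports within a window."""

    def __init__(self, window=timedelta(seconds=60), min_ports=10):
        self.window, self.min_ports = window, min_ports
        self.hits = defaultdict(deque)  # src -> deque of (ts, dport)
        self.alerts = []                # (src, distinct_ports, first_ts, last_ts)
        self.alerted = set()

    def observe(self, line):
        pkt = parse_iptables_line(line)
        if not pkt or pkt["fields"].get("PROTO") != "TCP":
            return None
        if "SYN" not in pkt["flags"] or "ACK" in pkt["flags"]:
            return None  # only new connection attempts count toward a scan
        src, now = pkt["fields"]["SRC"], pkt["ts"]
        q = self.hits[src]
        q.append((now, int(pkt["fields"]["DPT"])))
        while q and now - q[0][0] > self.window:
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= self.min_ports and src not in self.alerted:
            self.alerted.add(src)  # one alert per source per run; psad escalates instead
            alert = (src, len(ports), q[0][0], now)
            self.alerts.append(alert)
            return alert
        return None


def run_detector(lines, **options):
    det = ScanDetector(**options)
    for line in lines:
        det.observe(line)
    return det


def ipt_line(ts, src, dpt, flags="SYN"):
    """Build one constructed LOG line in the kernel's layout (example data only)."""
    return (f"{ts} gw kernel: [ 1234.567890] IPT-DROP: IN=eth0 OUT= "
            f"MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC={src} DST=192.0.2.5 "
            f"LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44444 DPT={dpt} "
            f"WINDOW=1024 RES=0x00 {flags} URGP=0")


# Constructed firewall log: one host sweeps 12 ports in 12 seconds, one host retries
# a single port 12 times (not a scan), one stray ACK that must not count.
SCAN_PORTS = [21, 22, 23, 25, 80, 110, 143, 443, 445, 3306, 3389, 8080]
SAMPLE_FW_LOG = [ipt_line(f"Dec 10 10:00:{i:02d}", "203.0.113.9", p) for i, p in enumerate(SCAN_PORTS)]
SAMPLE_FW_LOG += [ipt_line(f"Dec 10 10:00:{i:02d}", "198.51.100.20", 443) for i in range(12)]
SAMPLE_FW_LOG.append(ipt_line("Dec 10 10:00:30", "192.0.2.77", 22, flags="ACK"))

if __name__ == "__main__":
    for src, n, first, last in run_detector(SAMPLE_FW_LOG).alerts:
        print(f"scan from {src}: {n} ports between {first:%H:%M:%S} and {last:%H:%M:%S}")
```

    The source address in a LOG line is whatever the packet claimed, so a decoy scan can make this detector (and any detector built on the same input) name innocent hosts; treat the alert as a reason to look, not as a reason to auto-block, unless the block list is short-lived and excludes your own management ranges.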

  • Intrusion-Detection-System-Using-Machine-Learning

    Code for IDS-ML: intrusion detection system development using machine learning algorithms (Decision tree, random forest, extra trees, XGBoost, stacking, k-means, Bayesian optimization..)

  • Pi.Alert

    Scans the devices connected to your WIFI / LAN and alerts you to the connection of unknown devices. It also warns if an "always connected" device disconnects. In addition, it is possible to check web services for availability; for this purpose the HTTP status codes and the response time of the service are evaluated. (by leiweibau)

    Project mention: Pi.Alert using increasing number of arp-scan processes simultaneously | /r/pihole | 2023-07-05

    For those of you who may seek help on this subject, kind leiweibau helped me in this and that conversation. There is a better and actively developed fork of this project in leiweibau's GitHub repo, so you may want to use it.

  • py-idstools

    idstools: Snort and Suricata Rule and Event Utilities in Python (Including a Rule Update Tool)

    Project mention: Regex Challenge - Field Extraction | /r/Splunk | 2023-06-12

    I like this a lot. We have an in-house Snort 2 forwarder that does a similar thing with https://github.com/jasonish/py-idstools and forwards the result directly using HEC. We could use the same code base for dnstap if we wanted.

  • osquery-extensions

    osquery extensions by Trail of Bits

  • wazuh-ansible

    Wazuh - Ansible playbook

  • wazuh-documentation

    Wazuh - Project documentation

    Project mention: wazuh-archive* index not found in Stack Management / Index Patterns. | /r/Wazuh | 2023-05-12

  • weakforced

    Anti-Abuse for servers at authentication time

  • MStream

    Anomaly Detection on Time-Evolving Streams in Real-time. Detecting intrusions (DoS and DDoS attacks), frauds, fake rating anomalies. (by Stream-AD)

  • wazuh-packages

    Wazuh - Tools for packages creation

    Project mention: Help: Dashboard installation failing with "can't read etc/opensearch_dashboards.yml no such file or directory" | /r/Wazuh | 2023-12-06

    found something from GitHub discussions; was able to remove a pre-removal-script first:

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions counts repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2024-02-25.

Index

What are some of the best open-source intrusion-detection projects? This list will help you:

Rank  Project                                             Stars
   1  OSQuery                                            21,261
   2  Fail2Ban                                           10,198
   3  maltrail                                            5,696
   4  OSSEC                                               4,239
   5  Pi.Alert (original)                                 1,848
   6  ipban                                               1,483
   7  Pi.Alert (jokob-sk fork)                            1,358
   8  Digital-Forensics-Guide                             1,304
   9  acra                                                1,285
  10  Open-Source-Security-Guide                            832
  11  picosnitch                                            566
  12  wazuh-docker                                          552
  13  wazuh-dashboard-plugins                               376
  14  psad                                                  373
  15  Intrusion-Detection-System-Using-Machine-Learning     310
  16  Pi.Alert (leiweibau fork)                             271
  17  py-idstools                                           268
  18  osquery-extensions                                    258
  19  wazuh-ansible                                         246
  20  wazuh-documentation                                   159
  21  weakforced                                            117
  22  MStream                                               102
  23  wazuh-packages                                         85