Community-supported view of Intrusion Detection and Intrusion Prevention Systems. Focus on open source technologies, methods, and data analysis related to IDS/IPS.
A free lightweight network intrusion detection system for UNIX and Windows.
ACID (Analysis Console for Intrusion Databases)
Powerful PHP-based data analysis tool for network security events captured by many common IDS tools, including snort and tcpdump.
Advanced Intrusion Detection Environment
AIDE is a file integrity checker that supports regular expressions. Licensed under the GPL.
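The core of a file-integrity checker in the AIDE style, as an added example that is not AIDE's own code: a baseline records a hash and permission bits for every file whose path matches an include regex and no exclude regex, and a later run is compared against that baseline to report changed, added and removed files. The selection rules, the sample tree and the simulated tampering (a modified account file, a setuid bit added to a binary, a new file) are all constructed here for illustration.

```python
"""Added example, not AIDE's own code: regex-selected file integrity baseline
and comparison. The sample tree is built in a temporary directory."""
import hashlib
import os
import re
import tempfile

# Assumed selection rules in the spirit of AIDE's regex-based configuration:
# paths are matched with a leading "/" relative to the checked root.
INCLUDE = [re.compile(r"^/etc/"), re.compile(r"^/bin/")]
EXCLUDE = [re.compile(r"^/etc/.*\.log$")]


def selected(relpath):
    """True if the root-relative path is covered by INCLUDE and not by EXCLUDE."""
    p = "/" + relpath
    return any(r.search(p) for r in INCLUDE) and not any(r.search(p) for r in EXCLUDE)


def snapshot(root):
    """Return {relpath: (sha256, mode_bits)} for every selected regular file."""
    db = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if not selected(rel) or not os.path.isfile(full):
                continue
            with open(full, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            # Keep permission bits (incl. setuid/setgid/sticky) alongside the hash.
            db[rel] = (digest, os.stat(full).st_mode & 0o7777)
    return db


def compare(baseline, current):
    """Return (added, removed, changed) as sets of relative paths."""
    added = set(current) - set(baseline)
    removed = set(baseline) - set(current)
    changed = {p for p in set(baseline) & set(current) if baseline[p] != current[p]}
    return added, removed, changed


def demo():
    """Build a constructed tree, take a baseline, tamper with it, and diff."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data, mode=0o644):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
            os.chmod(full, mode)

        write("etc/passwd", b"root:x:0:0::/root:/bin/sh\n")
        write("etc/app.log", b"started\n")            # excluded by rule
        write("bin/ls", b"\x7fELF placeholder", 0o755)
        write("var/tmp/scratch", b"not covered\n")     # outside INCLUDE
        baseline = snapshot(root)

        # Simulated tampering: extra uid-0 account, setuid bit on a binary,
        # a new file, plus noise that the rules should ignore.
        write("etc/passwd", b"root:x:0:0::/root:/bin/sh\nhax:x:0:0::/:/bin/sh\n")
        os.chmod(os.path.join(root, "bin/ls"), 0o4755)
        write("etc/shadow", b"root:*:0:0:99999:7:::\n")
        write("etc/app.log", b"rotated\n")
        write("var/tmp/scratch", b"changed, out of scope\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    added, removed, changed = demo()
    print("added:", sorted(added))
    print("removed:", sorted(removed))
    print("changed:", sorted(changed))
```

Recording the mode bits next to the hash is what lets the check catch the setuid change on `bin/ls`, whose content did not change; a hash-only baseline would miss it. A real deployment must keep the baseline database off the monitored host or on read-only media, since an attacker who can rewrite it can also re-baseline their changes.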
Open-source application that checks for the presence of rootkits installed on Linux/Unix machines. Includes links to security-related sites.
fail2ban is a POSIX/Linux tool that bans IP addresses which generate too many password failures. ssh, iptables, ipfwadm and ipfw are currently supported.
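The detection logic behind that description, as an added example that is not fail2ban's own code: failed-password lines are parsed from sshd output, failures are counted per source address inside a sliding time window, and an address is banned once it reaches the retry threshold within that window. The log lines are constructed, the line format assumed is OpenSSH's "Failed password for ... from ... port ..." syslog message, and the parameter names `maxretry` and `findtime_s` are chosen here to mirror the fail2ban concepts of the same name.

```python
"""Added example, not fail2ban's own code: per-IP failure counting over a
sliding window with a ban threshold, run over constructed sshd log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd syslog lines (syslog omits the year, as sshd does).
SAMPLE_LOG = """\
Mar  1 10:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  1 10:00:03 host sshd[1002]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar  1 10:00:04 host sshd[1003]: Accepted publickey for alice from 198.51.100.7 port 40000 ssh2
Mar  1 10:00:05 host sshd[1004]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  1 10:00:30 host sshd[1005]: Failed password for bob from 198.51.100.7 port 40002 ssh2
Mar  1 10:20:00 host sshd[1006]: Failed password for root from 203.0.113.9 port 51300 ssh2
Mar  1 10:20:01 host sshd[1007]: Failed password for root from 203.0.113.9 port 51301 ssh2
Mar  1 10:40:00 host sshd[1008]: Failed password for root from 203.0.113.9 port 51302 ssh2
"""

# Matches OpenSSH's failed-password message; "invalid user" is optional.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(log_text, year=2015):
    """Yield (timestamp, ip) for each failed-password line; skip everything else."""
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
            yield ts, m.group("ip")


def find_bans(log_text, maxretry=3, findtime_s=600):
    """Return {ip: time_of_ban} for addresses with >= maxretry failures
    inside any findtime_s-second window. Assumes chronological input."""
    window = defaultdict(deque)   # ip -> timestamps of recent failures
    bans = {}
    for ts, ip in parse_failures(log_text):
        if ip in bans:
            continue              # already banned; nothing more to count
        q = window[ip]
        q.append(ts)
        # Drop failures that have aged out of the window.
        while q and (ts - q[0]).total_seconds() > findtime_s:
            q.popleft()
        if len(q) >= maxretry:
            bans[ip] = ts
    return bans


def iptables_rules(bans):
    """Render ban decisions as iptables commands (returned as text, not run)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(bans)]


if __name__ == "__main__":
    decided = find_bans(SAMPLE_LOG)
    for ip, when in decided.items():
        print(f"ban {ip} at {when:%H:%M:%S}")
    print("\n".join(iptables_rules(decided)))
```

In the sample, 203.0.113.5 is banned at its third failure (all within five seconds), while 203.0.113.9 is not: its third failure arrives twenty minutes after the first two, so by then they have aged out of the ten-minute window. Widening `findtime_s` or lowering `maxretry` changes that outcome, which is exactly the tuning trade-off between catching slow brute force and locking out users who mistype a password.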
Firestorm Network Intrusion Detection System
Firestorm is a high-performance GPL-licensed network intrusion detection system (NIDS). Features include being fully pluggable, easily configurable, and an extremely scalable signature engine.
Small daemon that creates virtual hosts on a network (honeypot). Can be used as a virtual honeynet or for network monitoring. For *BSD, GNU/Linux, and Solaris.
LAk Intrusion Prevention System
A single compilation of source, binaries, scripts and whitepapers on intrusion prevention systems. The aim is to quickly establish a working IPS within minutes.
Network-IDS that detects and stops DoS/DDoS attacks by using real-time Cisco NetFlow data.
Distributed hybrid IDS framework that collects and aggregates event reports from available security systems and analyses them on a central system.
QuIDScor IDS/VA correlation
QuIDScor is an Open Source project demonstrating the value in correlating information between Intrusion Detection Systems (such as Snort) and vulnerability assessment and management platforms such as QualysGuard.
Open-source GPL rootkit scanner for Unix-like systems. Scans for rootkits, trojans, backdoors and local exploits. Tests include MD5 hash comparisons of plaintext and binary files, checks for default rootkit files, wrong binary permissions, suspect strings in LKM/KLD modules, and hidden files.
Shadow Intrusion and Network Analysis
Shadow is an intrusion-detection system from the Naval Surface Warfare Center that shows promise in detecting previously unknown attacks for which no detection signatures exist.
sLink consists of a daemon and a suite of cgi programs which provide a web administration interface to an EDM/BOSCH Solution16 Alarm Panel.
Perl-based log analysis tool that summarizes network security events from any native snort database format.
Systrace (Interactive Policy Generation for System Calls)
Systrace enforces system call policies for applications by interactively constraining the application's access to the system (*BSD and Linux). Systrace is able to monitor daemons on remote machines and generate warnings at a central location.
Last update: July 8, 2015 at 16:24:14 UTC