[PLUG] Question on intrusion detection software
website reader
website.reader3 at gmail.com
Tue Jan 4 22:58:04 UTC 2022
To all:
Now that an executive for a respected system security auditing system for
Linux replied to me that the best bet was to look for intrusion detection
software, I am soliciting comments on a "free" or reasonably priced (<
$100) package.
I just came across this from Comparitech:
Here’s our list of the Best Intrusion Detection System Software and Tools:
1. SolarWinds Security Event Manager EDITOR’S CHOICE Analyzes logs from
Windows, Unix, Linux, and Mac OS systems. It manages data collected by
Snort, including real-time data. SEM is also an intrusion prevention
system, shipping with over 700 rules to shut down malicious activity. An
essential tool for improving security, responding to events and achieving
compliance.
(I checked: $2613 to start)
2. CrowdStrike Falcon (FREE TRIAL) A cloud-based endpoint protection
platform that includes threat hunting.
3. ManageEngine EventLog Analyzer (FREE TRIAL) A log file analyzer that
searches for evidence of intrusion.
4. Snort Provided by Cisco Systems and free to use, leading network-based
intrusion detection system software.
5. OSSEC Excellent host-based intrusion detection system that is free to
use.
6. Suricata Network-based intrusion detection system software that operates
at the application layer for greater visibility.
7. Zeek Network monitor and network-based intrusion prevention system.
8. Sagan Log analysis tool that can integrate reports generated on snort
data, so it is a HIDS with a bit of NIDS.
9. Security Onion Network monitoring and security tool made up of elements
pulled in from other free tools.
10. AIDE The Advanced Intrusion Detection Environment is a HIDS for Unix,
Linux, and Mac OS.
11. OpenWIPS-NG Wireless NIDS and intrusion prevention system from the makers
of Aircrack-NG.
12. Samhain Straightforward host-based intrusion detection system for Unix,
Linux, and Mac OS.
13. Fail2Ban Lightweight host-based intrusion detection software system for
Unix, Linux, and Mac OS.
Any comments on the above? Is OSSEC a good choice? I have 2 Linux systems
which need intrusion detection (and probably network intrusion detection).
Randall
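Editor's note: since the question is really "what does a host-based IDS such as OSSEC, AIDE or Samhain actually do for me", the following is an added illustration of their common core, file-integrity monitoring: record a baseline of hashes and metadata for a tree, rescan later, and report what was added, removed or altered. It is my own example, not code from the post, from Comparitech, or from any of the projects listed. The directory tree and file contents in `demo()` are constructed for the demonstration and are not real system files.

```python
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> dict:
    """Attributes a file-integrity HIDS records per file: owner, mode, size,
    mtime, and (for regular files) a SHA-256 of the contents. The hash is what
    catches a replaced binary whose size and mtime were forged with touch."""
    st = path.lstat()
    entry = {
        "mode": stat.S_IMODE(st.st_mode),
        "uid": st.st_uid,
        "gid": st.st_gid,
        "size": st.st_size,
        "mtime": int(st.st_mtime),
    }
    if stat.S_ISLNK(st.st_mode):
        entry["target"] = os.readlink(path)
    elif stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with path.open("rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        entry["sha256"] = h.hexdigest()
    return entry


def build_baseline(root: Path) -> dict:
    """Walk root and fingerprint every file and symlink, keyed by relative path."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            baseline[p.relative_to(root).as_posix()] = fingerprint(p)
    return baseline


def save_baseline(baseline: dict, dest: Path) -> None:
    # The baseline must live somewhere an intruder cannot rewrite it
    # (read-only media or another host), or the check is worthless.
    dest.write_text(json.dumps(baseline, sort_keys=True, indent=1))


def load_baseline(src: Path) -> dict:
    return json.loads(src.read_text())


def compare(old: dict, new: dict) -> dict:
    """Diff two baselines: new paths, missing paths, and per-attribute changes."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = {}
    for rel in set(old) & set(new):
        keys = set(old[rel]) | set(new[rel])
        diffs = {k: (old[rel].get(k), new[rel].get(k))
                 for k in keys if old[rel].get(k) != new[rel].get(k)}
        if diffs:
            changed[rel] = diffs
    return {"added": added, "removed": removed, "changed": changed}


def demo() -> dict:
    """Constructed scenario: baseline a small tree, tamper with it, rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/bash\n")
        (root / "etc" / "shadow").write_text("root:!:0:0:99999:7:::\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF placeholder, not a real binary")

        baseline = build_baseline(root)
        save_baseline(baseline, root / "baseline.json")  # demo only; see comment above

        # Simulated intrusion: extra uid-0 account, deleted binary, dropped file.
        (root / "etc" / "passwd").write_text(
            "root:x:0:0::/root:/bin/bash\nbackdoor:x:0:0::/:/bin/sh\n")
        (root / "bin" / "ls").unlink()
        (root / "tmp").mkdir()
        (root / "tmp" / ".rootkit").write_text("x")

        saved = {k: v for k, v in load_baseline(root / "baseline.json").items()}
        rescan = build_baseline(root)
        rescan.pop("baseline.json", None)  # the baseline file is not itself monitored
        return compare(saved, rescan)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Running it reports `tmp/.rootkit` as added, `bin/ls` as removed, and `etc/passwd` as changed on `sha256` and `size`, while `etc/shadow` is untouched. This is the whole idea behind AIDE and Samhain, and behind the syscheck component of OSSEC; the real tools add include/exclude rules, scheduled runs, and alerting. The caveat that matters for a two-machine setup: if the baseline and the checker live on the monitored host with nothing protecting them, an intruder with root can simply regenerate the baseline after tampering.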