100 Open source projects that are alternatives of or similar to Snort Rules

BSM based intrusion detection system

Wazuh - Ruleset

WIFI / LAN intruder detector. Check the devices connected and alert you with unknown devices. It also warns of the disconnection of "always connected" devices

Simple Implementation of Network Intrusion Detection System. KddCup'99 Data set is used for this project. kdd_cup_10_percent is used for training test. correct set is used for test. PCA is used for dimension reduction. SVM and KNN supervised algorithms are the classification algorithms of project. Accuracy : %83.5 For SVM , %80 For KNN

An extremely crude, lightweight Web Frontend for Suricata/Bro to be used with BriarIDS

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

Wazuh - The Open Source Security Platform

Wazuh - Tools for packages creation

Daemon to ban hosts that cause multiple authentication errors

Real-time HTTP Intrusion Detection

Wazuh - Chef cookbooks

Wazuh - Docker containers

idstools: Snort and Suricata Rule and Event Utilities in Python (Including a Rule Update Tool)

Wazuh - Kibana plugin

Wazuh - Ansible playbook

SQL powered operating system instrumentation, monitoring, and analytics.

tamper resistant audit log

Network Intrusion Detection KDDCup '99', NSL-KDD and UNSW-NB15

psad: Intrusion Detection and Log Analysis with iptables

VGG-19 deep learning model trained using ISCX 2012 IDS Dataset

Open-Source Security Architecture | 开源安全架构

Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search

An Intrusion Detection System library loosely based on PHP IDS

A HIDS (host-based intrusion detection system) for verifying the integrity of a system.

Libellux: Up & Running provides documentation on how-to install open-source software from source. The focus is Zero Trust Network to enhance the security for existing applications or install tools to detect and prevent threats.

gonids is a library to parse IDS rules, with a focus primarily on Suricata rule compatibility. There is a discussion forum available that you can join on Google Groups: https://groups.google.com/forum/#!topic/gonids/

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

🤖 Id obfuscation based on Knuth's multiplicative hashing method for PHP.

SIAC is an enterprise SIEM built on open-source technology.

The DearBytes remote integrity tool is an IDS (Intrusion Detection System) that keeps track of files on a remote server and logs an event if a file gets added, removed or modified.

Super short, fully unique, non-sequential and URL friendly Ids

Detect and warn about suspicious IPs logging into Nextcloud

Fastest UUID with cryptographic PRNG for JS

A small JavaScript library to generate YouTube-like ids from numbers.

A lightweight tool to score network traffic and flag anomalies

Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.

Anti-Abuse for servers at authentication time

An Ubuntu 16.04 build containing Suricata, PulledPork, Bro, and Splunk

A Suricata Docker image.

A Suricata based IDS/IPS distro

64 bit ID Generator

A utility to generate malicious network traffic and evaluate controls

Anomaly Detection on Time-Evolving Streams in Real-time. Detecting intrusions (DoS and DDoS attacks), frauds, fake rating anomalies.

Anomaly Detection on Dynamic (time-evolving) Graphs in Real-time and Streaming manner. Detecting intrusions (DoS and DDoS attacks), frauds, fake rating anomalies.

Zeek IDS Dockerfile

Wazuh - Project documentation

By Kprobe technology Open Source Host-based Intrusion Detection System(HIDS), from E_Bwill.

Wazuh - Puppet module

BRO/Zeek IDS content pack contains pipeline rules, a stream, a dashboard displaying interesting activity, and a syslog tcp input to capture and index BRO/Zeek logs coming from a remote sensor.

Solutions to kdd99 dataset with Decision tree and Neural network by scikit-learn

Blackbook of malware domains

[ICMLC 2018] A Neural Network Architecture Combining Gated Recurrent Unit (GRU) and Support Vector Machine (SVM) for Intrusion Detection

A small PHP library to generate YouTube-like ids from numbers. Use it when you don't want to expose your database ids to the user.

高效的分布式id生成器，每个客户端实例tps可达到100万，服务端毫无压力。即使服务端宕机了，id生成依然可用。支持多数据中心，支持id加密。

Malicious traffic detection system

Centralize Management of Intrusion Detection System like Suricata Bro Ossec ...

Hashids implementation in Rust

Suitably random and reasonably unique human readable (and fairly adorable) ids

Suricata IDS rules 用来检测红队渗透/恶意行为等，支持检测CobaltStrike/MSF/Empire/DNS隧道/Weevely/菜刀/冰蝎/挖矿/反弹shell/ICMP隧道等

Fragscapy is a command-line tool to fuzz network protocols by automating the modification of outgoing network packets. It can run multiple successive tests to determine which options can be used to evade firewalls and IDS.