Intrusion Detection Tools, Software & Systems

Finding out who is doing what on your network is vital day-to-day management for any IT networking professional. Hopefully some of the tools listed in our updated 2019 resource will help you with your tasks.

Who is trying to sneak in?

In this resource we list a bunch of ‘Intrusion Detection Systems’ software solutions.

An Intrusion Detection System, or simply ‘IDS’ to those in the know, is a software application that is considered a vital component of a ‘defence in depth’ or ‘layered defence’ security strategy – something which is very fashionable at the moment.

For those who are completely new to the world of IDSs, an IDS is a device or software application, typically embedded in standalone hardware, that monitors a network or systems for malicious activity or policy violations. When a hacker tries to enter a controlled network, the IDS is (meant to) kick in and notify the IT admin staff, security team or system administrators.


Tool Category: Intrusion Detection Systems


What is Snort?
Snort is an open source network intrusion detection system (NIDS) and network intrusion prevention system (NIPS) created by Martin Roesch. Since 2013, Snort has been owned by Cisco. In 2009, Snort entered InfoWorld’s Open Source Hall of Fame as one of the greatest open source software of all time.

Is Snort Free?
No, Snort is a commercial tool.

Does Snort Work on all Operating Systems?
Snort works on Windows, Linux and Mac OS X operating systems.

What are the Typical Uses for Snort?
This tool is used to detect attacks or probes, including, but not limited to, Common Gateway Interface (CGI) attacks, operating system fingerprinting, Server Message Block (SMB) probes, buffer overflows and stealth port scans. It also has the ability to perform packet logging and real-time traffic analysis on IP networks.


Tool Category: Intrusion Detection Systems


What is Honeyd?
Created by Niels Provos, Honeyd is an open source program that enables users to create and run virtual hosts on various computer networks. Users can configure these virtual hosts to mimic different types of servers, enabling them to simulate an endless number of computer network configurations.

Is Honeyd Free?
Yes, Honeyd is free of charge.

Does Honeyd Work on all Operating Systems?
Honeyd works on Linux operating systems.

What are the Typical Uses for Honeyd?
Honeyd is used primarily in the field of computer security. By using the tool’s ability to mimic several network hosts at once, Honeyd can act as a distraction to threats. If, for example, a network has two real servers and only one of them is running Honeyd, it will appear to an attacker that the network is running hundreds of servers, giving the user more time to catch the hacker.


Tool Category: Intrusion Detection Systems


What is OSSEC HIDS?
OSSEC HIDS is a multi-platform, scalable and open source host-based intrusion detection system that has a great and powerful correlation and analysis engine.

Is OSSEC HIDS Free?
Yes, downloading and use of this product is free of charge.

Does OSSEC HIDS Work on all Operating Systems?
It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows.

What are the Typical Uses for OSSEC HIDS?
OSSEC HIDS performs integrity checking, log analysis, time-based alerting and active response. It is commonly used as a SEM/SIM solution and, because of its great log analysis engine, a lot of universities, ISPs and companies run this tool to monitor and analyze their IDSs, firewalls, authentication logs and web servers.


Tool Category: Intrusion Detection Systems


What is OSSIM?
OSSIM provides all of the features that a security professional needs from a SIEM offering – event collection, normalization, and correlation. Established and launched by security engineers out of necessity, OSSIM was created with an understanding of the reality many security professionals face: a SIEM is useless without the basic security controls necessary for security visibility.

AlienVault provides ongoing development for OSSIM because we believe that everyone should have access to sophisticated security technologies; this includes the researchers who need a platform for experimentation, and the unsung heroes who can’t convince their companies that security is a problem.

Is OSSIM Free?
Yes, OSSIM is free to use.

Does OSSIM Work on all Operating Systems?
OSSIM only works on Linux operating systems.

What are the Typical Uses for OSSIM?
The primary use of this tool is to provide a detailed compilation of tools which, when combined, give security and network administrators a detailed view of every aspect of their hosts, physical access devices, networks and servers. This tool incorporates several other tools, including OSSEC HIDS and Nagios.


Tool Category: Intrusion Detection Systems


What is Sguil?
Sguil, which is written in tcl/tk, is built for network security analysts. The main component of this tool is an intuitive GUI that gives access to session data, realtime events and raw packet captures. It also facilitates the practice of event-driven analysis and network security monitoring.

Sguil is built by network security analysts for network security analysts. Sguil’s main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures. Sguil facilitates the practice of Network Security Monitoring and event driven analysis. The Sguil client is written in tcl/tk.

Is Sguil Free?
Yes, the use of this product is free.

Does Sguil Work on all Operating Systems?
Sguil can be run on any operating system that supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32).

What are the Typical Uses for Sguil?
Sguil is used to tie your IDS alerts into a database of TCP/IP sessions, packet logs, full content and other information. For most of its data, Sguil uses a backend that enables users to perform SQL queries against various types of security events.
