🐷 Snort
Snort is a free, open-source network intrusion detection system and intrusion prevention system created in 1998 by Martin Roesch, founder and former CTO of Sourcefire. Snort is now developed by Cisco, which purchased Sourcefire in 2013.
🐒 Suricata
Suricata is an open-source intrusion detection system and intrusion prevention system. It was developed by the Open Information Security Foundation. A beta version was released in December 2009, with the first standard release following in July 2010.
Zeek
Zeek is a free and open-source software network analysis framework. Vern Paxson began development work on Zeek in 1995 at Lawrence Berkeley National Lab. Zeek is a network security monitor but can also be used as a network intrusion detection system. The Zeek project releases the software under the BSD license.
Slips
Slips is a behavioral intrusion prevention system that uses machine learning to detect malicious behaviors in the network traffic. Slips is designed to focus on targeted attacks, detection of command and control channels, and to provide a good visualisation for the analyst. It can analyze network traffic in real time, network captures such as pcap files, and network flows produced by Suricata, Zeek/Bro and Argus. Slips processes the input, analyzes it, and highlights suspicious behaviour that needs the analyst's attention.