Host-based intrusion detection system comparison

Comparison of host-based intrusion detection system components and systems.

Free and open-source software

As per the Unix philosophy, a good HIDS is composed of multiple packages, each focusing on a specific aspect.

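| Package | Last Update | Debian Official Repositories | AlmaLinux Official Repositories | openSUSE Official Repositories | File | Network | Logs | Config | Notes |
|---|---|---|---|---|---|---|---|---|---|
| OSSEC | 2025 | No [1] | No [2] | Yes [3] | Yes | Yes | Yes | Yes | |
| Wazuh | 2025 [4] | No | No | ? | Yes | Yes | Yes | Yes | |
| Samhain | 2023 | Yes [5] | No | Yes [6] | Yes | No | Partial [7] | | |
| Snort | 2025 [8] | Yes [9] | No [10] | No | No | Yes | No | | |
| chkrootkit | 2023 | Yes [11] | No | Yes | Yes | No | Partial [12] | | |
| rkhunter | 2018 | Yes [13] | Yes [14] | Yes | Yes | No | No | Yes | |
| unhide [15] | 2012 | Yes [16] | Yes [17] | Yes | No | No | No | | proc ps compare |
| Sguil | 2017 | No | No | No | No | Yes | No | | |
| Logwatch [18] | 2017 | Yes [19] | Yes [20] | Yes | No | No | Yes | | |
| Logcheck [21] | 2017 | Yes [22] | Yes [23] | Yes | No | No | Yes | | |
| Epylog [24] | 2014 | Yes [25] | Yes [26] | Yes | No | No | Yes | | |
| SWATCH [27] | 2015 | Yes [28] | Yes [29] | Yes | No | No | Yes | | |
| sagan | 2021 | Yes [30] | No | No | No | No | Yes | | |
| aide | 2025 | Yes [31] | Yes [32] | Yes | Yes | No | No | Yes | uses libs for routines |
| tripwire | 2018 | Yes [33] | Yes [34] | Yes | Yes | No | No | | |
| Tiger | 2018 | Yes [35] | No | No | Yes | No | No | Yes | 3/42 modules are Debian specific. |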

Proprietary software

Package Year [36] Linux Windows File Network Logs Config Notes
Lacework 2018 Yes No Yes Yes Yes Yes
Verisys 2018 Yes Yes Yes Yes Yes
Nessus 2017 Yes Yes Yes
Atomicorp 2019 Yes Yes Yes Yes Yes Yes Commercially enhanced version of OSSEC
Spartan 2021 No Yes Yes Yes Yes Yes Websocket API, IP to Country mapping, DynDNS Integration

References

  1. "Downloads OSSEC". OSSEC. Retrieved 2017-10-19. OSSEC for Debian Based systems
  2. "Downloads OSSEC". OSSEC. Retrieved 2017-10-29. OSSEC for RHEL/Fedora Based systems
  3. "ossec-hids". openSUSE OBS. Retrieved 2024-08-11. An Open Source Host-based Intrusion Detection System
  4. "Wazuh documentation Release notes". Retrieved 2025-07-16.
  5. "Samhain". Ubuntu. Retrieved 2017-04-19. Samhain in the Ubuntu Repositories
  6. "Samhain". openSUSE OBS. Retrieved 2024-08-11. File integrity and host-based IDS
  7. Last
  8. "snort3/snort3 Releases". Retrieved 2025-07-16.
  9. "Snort". Ubuntu. Retrieved 2017-04-19. Snort in the Ubuntu Repositories
  10. "Snort". Cisco Systems. Retrieved 2017-05-31. Snort in the CentOS Repositories
  11. "ChkRootkit". Ubuntu. Retrieved 2017-04-19. ChkRootkit in the Ubuntu Repositories
  12. lastlog, wtmp, utmp, wtmpx
  13. "RKHunter". Ubuntu. Retrieved 2017-04-19. RKHunter in the Ubuntu Repositories
  14. "RKHunter". Ubuntu. Retrieved 2017-04-19. RKHunter in the CentOS Repositories
  15. "unhide". Debian. Retrieved 2017-04-17. unhide is notable because it's part of Debian and Fedora
  16. "UnHide". Ubuntu. Retrieved 2017-04-19. UnHide in the Ubuntu Repositories
  17. "UnHide". Ubuntu. Retrieved 2017-04-19. UnHide in the CentOS Repositories
  18. "Logwatch". Debian. Retrieved 2017-04-17. Logwatch is notable because it's part of Debian and Fedora
  19. "LogWatch". Ubuntu. Retrieved 2017-04-19. LogWatch in the Ubuntu Repositories
  20. "LogWatch". Ubuntu. Retrieved 2017-04-19. LogWatch in the CentOS Repositories
  21. "Logcheck". Debian. Retrieved 2017-04-17. Logcheck is notable because it's part of Debian and Fedora
  22. "Logcheck". Ubuntu. Retrieved 2017-04-19. Logcheck in the Ubuntu Repositories
  23. "Logcheck". Ubuntu. Retrieved 2017-04-19. Logcheck in the CentOS Repositories
  24. "Epylog". Debian. Retrieved 2017-04-17. Epylog is notable because it's part of Debian and Fedora
  25. "Epylog". Ubuntu. Retrieved 2017-04-19. Epylog in the Ubuntu Repositories
  26. "Epylog". Ubuntu. Retrieved 2017-04-19. Epylog in the CentOS Repositories
  27. "SWATCH". Debian. Retrieved 2017-04-17. SWATCH is notable because it's part of Debian and Fedora
  28. "SWATCH". Ubuntu. Retrieved 2017-04-19. SWATCH in the Ubuntu Repositories
  29. "SWATCH". Ubuntu. Retrieved 2017-04-19. SWATCH in the CentOS Repositories
  30. "Sagan". Ubuntu. Retrieved 2017-04-19. Sagan in the Ubuntu Repositories
  31. "AIDE". Ubuntu. Retrieved 2017-04-19. AIDE in the Ubuntu Repositories
  32. "AIDE". Ubuntu. Retrieved 2017-04-19. AIDE in the CentOS Repositories
  33. "Tripwire". Ubuntu. Retrieved 2017-04-19. Tripwire in the Ubuntu Repositories
  34. "Tripwire". Ubuntu. Retrieved 2017-04-19. Tripwire in the CentOS Repositories
  35. "Tripwire". Ubuntu. Retrieved 2017-04-19. Tripwire in the Ubuntu Repositories
  36. Last updated