Passive log analysis software

This page summarizes the projects mentioned and recommended in the original post on /r/AskNetsec.

  • OSSEC

    OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

  • It's been a long time since I tried using OSSEC, but maybe that would help. It's a host-based IDS, rather than a network-based IDS like Snort. Last time I checked, you could point it towards your logs and it will parse them offline, similar to how Snort can read a PCAP file.

  • Wazuh

    Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

  • Wazuh is another HIDS that's a variant of OSSEC. ELK would probably help too.

  • kraken

    Cross-platform Yara scanner written in Go (by botherder)

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
