- OSSEC: OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
- Wazuh: Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
- InfluxDB: Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
It's been a long time since I tried using OSSEC, but maybe that would help. It's a host-based IDS, rather than a network-based IDS like Snort. Last time I checked, you could point it towards your logs and it would parse them offline, similar to how Snort can read a PCAP file.
Wazuh is another HIDS that's a variant of OSSEC. ELK would probably help too.