Based on our record, osquery should be more popular than snort. It has been mentiond 18 times since March 2021. We are tracking product recommendations and mentions on various public social media platforms and blogs. They can help you identify which product is more popular and what people think of it.
The largest we have successfully deployed is on the OSQuery schema https://osquery.io/ which is 277 tables and lots of business context (malwares, vulnerabilities, Windows registry keys, etc). - Source: Hacker News / 3 months ago
From a self hosted standpoint OSQuery or Wazuh are your best bets for monitoring USB devices. Windows makes blocking really challenging and I’m not aware of any “free” solutions that attempt it. Source: about 1 year ago
Configure auditd to monitor host activity: https://izyknows.medium.com/linux-auditd-for-threat-detection-d06c8b941505 or osquery: https://osquery.io/ (or similar software: filebeat for example). Source: about 1 year ago
OS Query : Easily ask questions about your Linux, Windows, and macOS infrastructure. - Source: dev.to / over 1 year ago
Osquery + Fleet. https://osquery.io/ https://fleetdm.com/, using the two allows you to build a query to answer what ever questions you (or an auditor) might have about your environment. Source: over 1 year ago
Linux has (free) tools to improve security and detect/remove malware: Lynis,Chkrootkit,Rkhunter,ClamAV,Vuls,LMD,radare2,Yara,ntopng,maltrail,Snort,Suricata... Source: 5 months ago
Okay I figured it out. The problem occurs when you're only using the community rules for Snort. If you go to snort.org and register for a free or subscriber "oink" code, enter the code in pfSense and update the rules then it magically works as expected. My best guess is that unicode information get's added when the new rules are updated. At any rate, this worked for me. Source: about 1 year ago
Snort (not an insult) https://snort.org/. Source: almost 2 years ago
422 supposedly means the requested file doesn't exist, and sure enough if you look on the snort.org rules downloads page there is no file for version 29180. Source: over 2 years ago
Where did you get the sourcecode you are building from? The snort3_extra-3.1.0.0.tar.gz package from the snort.org website doesn't have this stuff in appid_listener_event_handler.cc. Source: about 3 years ago
Tripwire - Open Source Tripwire software is a security and data integrity tool useful for monitoring and...
Suricata - Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine.
Ossec - OSSEC is an Open Source Host-based Intrusion Detection System.
Imunify360 - Imunify360 is a comprehensive security suite for Linux web servers. It includes antivirus, firewall, WAF, PHP Security Layers, Patch Management, Domain reputation with easy UI and advanced automation.
AIDE - AIDE (Advanced Intrusion Detection Environment) is a file and directory integrity checker.
McAfee Network Security Platform - McAfee Network Security Platform guards all your network-connected devices from zero-day and other attacks, with a cost-effective network intrusion prevention system.