Host-based intrusion detection system comparison

Comparison of host-based intrusion detection system components and systems.

Package	Updated	Ubuntu Official Repositories	CentOS Official Repositories	openSUSE Official Repositories	File	Network	Logs	Config	Notes
OSSEC	2022	No^[1]	No^[2]	Yes^[3]	Yes	Yes	Yes	Yes
Wazuh	2022	No	No	?	Yes	Yes	Yes	Yes
Samhain	2021	Yes^[4]	No	Yes^[5]	Yes	No	Partial^[6]
Snort	2018	Yes^[7]	No^[8]	No	No	Yes	No
chkrootkit	2023	Yes^[9]	No	Yes	Yes	No	Partial^[10]
rkhunter	2018	Yes^[11]	Yes^[12]	Yes	Yes	No	No	Yes
unhide^[13]	2012	Yes^[14]	Yes^[15]	Yes	No	No	No		proc ps compare
Sguil	2017	No	No	No	No	Yes	No
Logwatch^[16]	2017	Yes^[17]	Yes^[18]	Yes	No	No	Yes
Logcheck^[19]	2017	Yes^[20]	Yes^[21]	Yes	No	No	Yes
Epylog^[22]	2014	Yes^[23]	Yes^[24]	Yes	No	No	Yes
SWATCH^[25]	2015	Yes^[26]	Yes^[27]	Yes	No	No	Yes
sagan	2021	Yes^[28]	No	No	No	No	Yes
aide	2023	Yes^[29]	Yes^[30]	Yes	Yes	No	No
tripwire	2018	Yes^[31]	Yes^[32]	Yes	Yes	No	No
Tiger	2018	Yes^[33]	No	No	Yes	No	No	Yes	3/42 modules are Debian specific.

Package	Year^[34]	Linux	Windows	File	Network	Logs	Config	Notes
Lacework	2018	Yes	No	Yes	Yes	Yes	Yes
Verisys	2018	Yes	Yes	Yes	Yes		Yes
Nessus	2017	Yes	Yes				Yes
Atomicorp	2019	Yes	Yes	Yes	Yes	Yes	Yes	Commercially enhanced version of OSSEC
Spartan	2021	No	Yes	Yes	Yes	Yes	Yes	Websocket API, IP to Country mapping, DynDNS Integration

Free and open-source software