Snort 3: A New Engine for Modern Intrusion Detection For years, Snort was the de facto standard in open-source intrusion detection. With Snort 3, it’s not just a rewrite — it’s a rework from the ground up. Modular architecture, Lua scripting, multi-threading — this version finally brings Snort in line with the demands of modern, high-throughput networks.

Still free, still powerful, still Cisco-backed — but now more flexible and scalable than ever. What’s New (and Why It Matters)

OSSEC: Host-Based Intrusion Detection That’s Still in the Fight When network-level firewalls aren’t enough and you need to keep a close eye on what’s happening inside your machines, OSSEC still holds its ground. It’s a mature, open-source HIDS (Host-based Intrusion Detection System) that monitors logs, file integrity, rootkits, and active responses — all from a lightweight agent setup.

No cloud lock-in, no subscription wall. Just a proven, scriptable tool that can scale from one Linux VM to hun

Wazuh: Open XDR Platform Built on Top of OSSEC Wazuh started as a fork of OSSEC — and then took off in its own direction. Today it’s a full-featured open-source XDR platform combining host-based intrusion detection, log analysis, vulnerability detection, compliance auditing, and SIEM features — all in one stack.

It still uses the agent-based architecture from OSSEC, but adds a modern backend with Elasticsearch, Kibana, a RESTful API, and scalable cluster support. If OSSEC is the engine, Wazuh i

CrowdSec: Collaborative Defense for Modern Linux Systems CrowdSec isn’t just another intrusion prevention tool — it’s a new kind of approach. At its core, it’s an open-source, behavior-based detection engine for Linux servers, containers, and cloud infrastructure. But what makes it different is its crowdsourced threat intelligence: when one server detects malicious behavior, the entire network benefits.

Think of it as Fail2Ban on steroids, built for the cloud, and powered by a global community