Top pick
Network security monitor producing rich logs (conn, DNS, HTTP, SSL, files) for analytics—not a classic IDS signature engine.
nsmnetworksocthreat-huntinglogs
Browse & filter
Filter by platform, license text, maturity, maintenance cadence, and editorial tags like privacy-focused or self-hosted. Search matches names, summaries, tags, and use cases.
5 tools match your filters
Also strong
Collaborative intrusion prevention: parse logs, apply scenarios, share reputation (optional), and block via bouncers (firewall, nginx, Cloudflare).
ipsblockingreputationlogsself-hosted
Top pick
Daemon that watches logs and updates firewall rules to ban brute-force sources (SSH, mail, web, etc.).
brute-forcefirewallsshlinuxlogs
Honorable mention
Host-based IDS: log analysis, file integrity monitoring, rootcheck, and active response—ancestor lineage to Wazuh.
hidsfimlogscompliancelegacy
Honorable mention
Rapidly search and hunt through Windows event logs (EVTX) using Sigma-like rules and built-in threat detections.
dfirwindowsevtxthreat-huntinglogs