= Host-based intrusion detection system comparison =

Comparison of host-based intrusion detection system components and systems.

==Free and open-source software==
As per the Unix philosophy a good HIDS is composed of multiple packages each focusing on a specific aspect.
| Package | Last Update | Debian Official Repositories | AlmaLinux Official Repositories | openSUSE Official Repositories | File | Network | Logs | Config | Notes |
| OSSEC | 2025 | | | | | | | | |
| Wazuh | 2025 | | | ? | | | | | |
| Samhain | 2023 | | | | | | | | |
| Snort | 2025 | | | | | | | | |
| chkrootkit | 2023 | | | | | | | | |
| rkhunter | 2018 | | | | | | | | |
| unhide | 2012 | | | | | | | | proc ps compare |
| Sguil | 2017 | | | | | | | | |
| Logwatch | 2017 | | | | | | | | |
| Logcheck | 2017 | | | | | | | | |
| Epylog | 2014 | | | | | | | | |
| SWATCH | 2015 | | | | | | | | |
| sagan | 2021 | | | | | | | | |
| aide | 2025 | | | | | | | yes | uses libs for routines |
| tripwire | 2018 | | | | | | | | |
| Tiger | 2018 | | | | | | | | 3/42 modules are Debian specific. |

==Proprietary software==
| Package | Year | Linux | Windows | File | Network | Logs | Config | Notes |
| Lacework | 2018 | | | | | | | |
| Verisys | 2018 | | | | | | | |
| Nessus | 2017 | | | | | | | |
| Atomicorp | 2019 | | | | | | | Commercially enhanced version of OSSEC |
| Spartan | 2021 | | | | | | | Websocket API, IP to Country mapping, DynDNS Integration |
