Explore the top open-source Host-based Intrusion Detection Systems (HIDS) for Linux in 2025. Compare features, use cases, and see which tools are worth deploying.
Countermeasures
Elkeid – A Modern, Scalable HIDS for Cloud-Native Infrastructure
Elkeid is a high-performance, open-source Host-Based Intrusion Detection System (HIDS) built by ByteDance to secure Linux workloads across cloud, container, and hybrid environments. If tools like OSSEC or Snort feel dated in your K8s stack or Falco is too noisy, Elkeid offers a modern alternative with eBPF-based syscall monitoring, Kafka-backed pipelines, and plugin-driven detection logic. […]
Best EDR Of The Market (BEOTM) – Endpoint Detection and Response Testing Tool
BestEDROfTheMarket is a naive user-mode EDR (Endpoint Detection and Response) tool designed to serve as a testing ground
LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks. SQLi and other injection attacks remain the top OWASP and CERT vulnerability. Current detection attempts frequently involve a myriad of regular expressions which are not only brittle and error-prone but also proven by Hanson and […]
GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an application that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally – this includes code, commits, wiki pages and more. GitLab Watchman searches GitLab for internally shared projects and looks at: Code Commits Wiki pages Issues Merge requests Milestones For the following data: GCP keys and […]