SecOnion

Open Source NSM tools that are included in the Security Onion distribution (min requirements) 

• Bro - A powerful network analysis framework 

• ELSA - Centralized syslog framework that is built on Syslog-NG, MySQL, and Sphinx full-text search. It provides a fully asynchronous web-based query interface that normalizes logs and makes searching billions of them for arbitrary strings as easy as searching the web. It also includes tools for assigning permissions for viewing the logs, email-based alerts, scheduled queries, and graphing.

• Netsniff-ng - Linux networking toolkit

• OSSEC - Open Source host-based IDS, or HIDS; log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting, and active response.

• Sguil - Sguil (pronounced "sgweel") is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides access to real-time events, session data, and raw packet captures. Sguil facilitates the practice of Network Security Monitoring and event driven analysis.

• Snort - Snort is an Open Source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and over 500,000 registered users, Snort has become the de facto standard for IPS.

• Squert - Squert is a web application that is used to query and view event data that is stored in a Sguil database (typically IDS alert data). Squert is a visual tool that attempts to provide additional context to events by using metadata, time series representations and weighted and logically grouped result sets.

• Suricata - The Suricata engine is an Open Source next-generation intrusion detection and prevention engine