The Open Vulnerability Assessment System (OpenVAS) scanner runs many network vulnerability tests (NVTs) against many target hosts and delivers the results. It uses a communication protocol to have client tools (graphical end-user or batched) connect to it, configure and execute a scan and finally receive the results for reporting. Tests are implemented in the form of plugins which need to be updated to cover recently identified security issues. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications. Additional components are: openvas-client to control the scanner, and openvas-manager and openvas-administrator to leverage OpenVAS to a comprehensive vulnerability management solution. OpenVAS is a fork of Nessus.
Snort is a network intrusion detection and prevention system. It is the most widely deployed technology of its kind in the world. It performs detection using a variety of methods including rules-based detection, anomaly detection, and heuristic analysis of network traffic. Its rules language is open source and available to the public as well.
Splunk is an engine for machine data. Use Splunk to collect, index, and harness the fast moving machine data generated by all your applications, servers, and devices: physical, virtual, and in the cloud. Search and analyze all your real-time and historical data from one place. Splunking your machine data lets you troubleshoot problems and investigate security incidents in minutes, not hours or days. Monitor your end-to-end infrastructure to avoid service degradation or outages. Meet compliance mandates at lower cost. Correlate and analyze complex events spanning multiple systems. Gain new levels of operational visibility and intelligence for IT and the business.
Tenable Nessus is a world-leader in active vulnerability scanners. It features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, and vulnerability analysis of your security posture. Nessus scanners may be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks. It is free of charge for personal use in a non-enterprise environment.