I think it is pretty serious that nobody knows about OSSIM. For me it is the best of the best, and it includes Nagios among many other monitoring/security applications:
 Quote:
    * Arpwatch, used for mac anomaly detection.
    * P0f, used for passive OS detection and os change analysis.
    * Pads, used for service anomaly detection.
    * Nessus, used for vulnerability assessment and for cross correlation (IDS vs Security Scanner).
    * Snort, the IDS, also used for cross correlation with nessus.
    * Spade, the statistical packet anomaly detection engine. Used to gain knowledge about attacks without signature.
    * Tcptrack, used for session data information which can grant useful information for attack correlation.
    * Ntop, which builds an impressive network information database from which we can get aberrant behaviour anomaly detection.
    * Nagios. Being fed from the host asset database it monitors host and service availability information.
    * Osiris, a great HIDS.
    * OCS-NG, Cross-Platform inventory solution.
    * OSSEC, integrity, rootkit, registry detection and more. 

This suite, together with WildPackets and Kismet for wireless monitoring, is about as good as it gets.