Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
☆4,434 · Feb 27, 2026 · Updated this week
Alternatives and similar repositories for securityonion
Users interested in securityonion are comparing it to the repositories listed below.
- Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads. ☆14,881 · Updated this week
- Open Cyber Threat Intelligence Platform ☆8,960 · Updated this week
- Main Sigma Rule Repository ☆10,156 · Updated this week
- Digging Deeper.... ☆3,784 · Updated this week
- Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management ☆3,105 · Apr 16, 2021 · Updated 4 years ago
- Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. ☆7,496 · Updated this week
- TheHive is a Collaborative Case Management Platform, now distributed as a commercial version ☆3,891 · Jul 25, 2025 · Updated 7 months ago
- MISP (core software) - Open Source Threat Intelligence and Sharing Platform ☆6,150 · Updated this week
- Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs an… ☆2,344 · Feb 19, 2026 · Updated 2 weeks ago
- Small and highly portable detection tests based on MITRE's ATT&CK. ☆11,632 · Updated this week
- Automated Adversary Emulation Platform ☆6,781 · Updated this week
- Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OIS… ☆6,022 · Updated this week
- IntelOwl: manage your Threat Intelligence at scale ☆4,467 · Updated this week
- A Suricata based NDR distribution ☆1,588 · Sep 13, 2025 · Updated 5 months ago
- 🍯 T-Pot - The All In One Multi Honeypot Platform 🐝 ☆8,819 · Jan 29, 2026 · Updated last month
- Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs. ☆3,037 · Feb 24, 2026 · Updated last week
- The Hunting ELK ☆3,912 · Jun 1, 2024 · Updated last year
- ✨ A curated list of awesome threat detection and hunting resources 🕵️♂️ ☆4,517 · Jan 5, 2026 · Updated 2 months ago
- Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabl… ☆27,300 · Updated this week
- A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering env… ☆8,396 · Dec 23, 2025 · Updated 2 months ago
- Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis… ☆2,515 · Jan 12, 2026 · Updated last month
- A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e… ☆4,492 · Jan 12, 2026 · Updated last month
- Six Degrees of Domain Admin ☆10,540 · Aug 1, 2025 · Updated 7 months ago
- Detect Tactics, Techniques & Combat Threats ☆2,264 · Jan 21, 2026 · Updated last month
- Rapidly Search and Hunt through Windows Forensic Artefacts ☆3,460 · Updated this week
- Automate the creation of a lab environment complete with security tooling and logging best practices ☆4,908 · Jul 6, 2024 · Updated last year
- Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing. ☆2,208 · Updated this week
- A curated list of awesome YARA rules, tools, and people. ☆4,146 · Feb 25, 2026 · Updated last week
- SpiderFoot automates OSINT for threat intelligence and mapping your attack surface. ☆16,832 · Dec 15, 2024 · Updated last year
- The FLARE team's open-source tool to identify capabilities in executable files. ☆5,844 · Feb 27, 2026 · Updated last week
- A repository of sysmon configuration modules ☆2,987 · Aug 21, 2024 · Updated last year
- Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mand… ☆7,529 · Oct 16, 2025 · Updated 4 months ago
- A curated list of tools for incident response ☆8,842 · Jul 18, 2024 · Updated last year
- Cortex: a Powerful Observable Analysis and Active Response Engine ☆1,552 · Nov 26, 2025 · Updated 3 months ago
- In-depth attack surface mapping and asset discovery ☆14,193 · Updated this week
- Arkime is an open source, large scale, full packet capturing, indexing, and database system. ☆7,310 · Updated this week
- A curated list of Awesome Threat Intelligence resources ☆9,847 · Jan 19, 2026 · Updated last month
- Adversary Emulation Framework ☆10,759 · Updated this week
- Open Source Vulnerability Management Platform ☆6,284 · Feb 13, 2026 · Updated 2 weeks ago