Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
☆4,616 · May 23, 2026 · Updated this week
Alternatives and similar repositories for securityonion
Users that are interested in securityonion are comparing it to the libraries listed below.
- Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads. (☆15,636 · May 19, 2026 · Updated last week)
- Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management (☆3,114 · Apr 16, 2021 · Updated 5 years ago)
- Main Sigma Rule Repository (☆10,480 · Updated this week)
- Digging Deeper.... (☆3,973 · Updated this week)
- Open Cyber Threat Intelligence Platform (☆9,379 · May 19, 2026 · Updated last week)
- Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. (☆7,665 · Updated this week)
- TheHive is a Collaborative Case Management Platform, now distributed as a commercial version (☆3,916 · Jul 25, 2025 · Updated 10 months ago)
- MISP (core software) - Open Source Threat Intelligence and Sharing Platform (☆6,311 · Updated this week)
- Small and highly portable detection tests based on MITRE's ATT&CK. (☆11,994 · Updated this week)
- Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs an… (☆2,416 · Updated this week)
- Automated Adversary Emulation Platform (☆6,984 · Updated this week)
- Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OIS… (☆6,327 · Updated this week)
- A Suricata based NDR distribution (☆1,589 · Sep 13, 2025 · Updated 8 months ago)
- IntelOwl: manage your Threat Intelligence at scale (☆4,578 · Updated this week)
- 🍯 T-Pot - The All In One Multi Honeypot Platform 🐝 (☆9,219 · Mar 14, 2026 · Updated 2 months ago)
- The Hunting ELK (☆3,925 · Jun 1, 2024 · Updated last year)
- Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs. (☆3,169 · Updated this week)
- Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis… (☆2,505 · Jan 12, 2026 · Updated 4 months ago)
- A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering env… (☆8,679 · Apr 28, 2026 · Updated 3 weeks ago)
- A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e… (☆4,559 · Jan 12, 2026 · Updated 4 months ago)
- ✨ A curated list of awesome threat detection and hunting resources 🕵️♂️ (☆4,598 · Jan 5, 2026 · Updated 4 months ago)
- Six Degrees of Domain Admin (☆10,539 · Mar 2, 2026 · Updated 2 months ago)
- Detect Tactics, Techniques & Combat Threats (☆2,292 · Apr 29, 2026 · Updated 3 weeks ago)
- Automate the creation of a lab environment complete with security tooling and logging best practices (☆4,962 · Jul 6, 2024 · Updated last year)
- Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing. (☆2,304 · May 14, 2026 · Updated last week)
- Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabl… (☆28,713 · May 18, 2026 · Updated last week)
- A repository of sysmon configuration modules (☆3,038 · Aug 21, 2024 · Updated last year)
- Arkime is an open source, large scale, full packet capturing, indexing, and database system. (☆7,380 · Updated this week)
- Rapidly Search and Hunt through Windows Forensic Artefacts (☆3,554 · May 9, 2026 · Updated 2 weeks ago)
- (no description) (☆2,405 · Oct 14, 2023 · Updated 2 years ago)
- A curated list of awesome YARA rules, tools, and people. (☆4,200 · Mar 16, 2026 · Updated 2 months ago)
- Sysmon configuration file template with default high-quality event tracing (☆5,531 · Jul 3, 2024 · Updated last year)
- SpiderFoot automates OSINT for threat intelligence and mapping your attack surface. (☆17,848 · Apr 13, 2026 · Updated last month)
- The FLARE team's open-source tool to identify capabilities in executable files. (☆6,017 · Updated this week)
- Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mand… (☆7,650 · Oct 16, 2025 · Updated 7 months ago)
- Cortex: a Powerful Observable Analysis and Active Response Engine (☆1,582 · Updated this week)
- (no description) (☆61 · Updated this week)
- A curated list of tools for incident response (☆9,052 · May 6, 2026 · Updated 2 weeks ago)
- This repository contains the scanner component for Greenbone Community Edition. (☆4,614 · Updated this week)