Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
☆4,588 · Apr 30, 2026 · Updated this week
Alternatives and similar repositories for securityonion
Users who are interested in securityonion are comparing it to the repositories listed below.
- Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads. ☆15,486 · Updated this week
- Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management ☆3,116 · Apr 16, 2021 · Updated 5 years ago
- Main Sigma Rule Repository ☆10,386 · Updated this week
- Digging Deeper.... ☆3,936 · Updated this week
- Open Cyber Threat Intelligence Platform ☆9,231 · Updated this week
- Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. ☆7,605 · Updated this week
- TheHive is a Collaborative Case Management Platform, now distributed as a commercial version ☆3,913 · Jul 25, 2025 · Updated 9 months ago
- MISP (core software) - Open Source Threat Intelligence and Sharing Platform ☆6,264 · Apr 29, 2026 · Updated last week
- Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs an… ☆2,395 · Updated this week
- Small and highly portable detection tests based on MITRE's ATT&CK. ☆11,888 · Updated this week
- Automated Adversary Emulation Platform ☆6,931 · Updated this week
- Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OIS… ☆6,206 · Updated this week
- A Suricata based NDR distribution ☆1,591 · Sep 13, 2025 · Updated 7 months ago
- IntelOwl: manage your Threat Intelligence at scale ☆4,560 · Updated this week
- 🍯 T-Pot - The All In One Multi Honeypot Platform 🐝 ☆9,130 · Mar 14, 2026 · Updated last month
- The Hunting ELK ☆3,921 · Jun 1, 2024 · Updated last year
- Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs. ☆3,135 · Updated this week
- Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis… ☆2,511 · Jan 12, 2026 · Updated 3 months ago
- A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering env… ☆8,620 · Apr 28, 2026 · Updated last week
- A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e… ☆4,544 · Jan 12, 2026 · Updated 3 months ago
- ✨ A curated list of awesome threat detection and hunting resources 🕵️♂️ ☆4,580 · Jan 5, 2026 · Updated 4 months ago
- Six Degrees of Domain Admin ☆10,532 · Mar 2, 2026 · Updated 2 months ago
- Detect Tactics, Techniques & Combat Threats ☆2,286 · Apr 29, 2026 · Updated last week
- Automate the creation of a lab environment complete with security tooling and logging best practices ☆4,954 · Jul 6, 2024 · Updated last year
- Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing. ☆2,274 · Updated this week
- Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabl… ☆28,199 · Updated this week
- A repository of sysmon configuration modules ☆3,031 · Aug 21, 2024 · Updated last year
- Arkime is an open source, large scale, full packet capturing, indexing, and database system. ☆7,362 · Updated this week
- Rapidly Search and Hunt through Windows Forensic Artefacts ☆3,534 · Updated this week
- A curated list of awesome YARA rules, tools, and people. ☆4,189 · Mar 16, 2026 · Updated last month
- ☆2,403 · Oct 14, 2023 · Updated 2 years ago
- Sysmon configuration file template with default high-quality event tracing ☆5,499 · Jul 3, 2024 · Updated last year
- SpiderFoot automates OSINT for threat intelligence and mapping your attack surface. ☆17,658 · Apr 13, 2026 · Updated 3 weeks ago
- Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mand… ☆7,581 · Oct 16, 2025 · Updated 6 months ago
- The FLARE team's open-source tool to identify capabilities in executable files. ☆5,982 · Apr 28, 2026 · Updated last week
- Cortex: a Powerful Observable Analysis and Active Response Engine ☆1,574 · Mar 24, 2026 · Updated last month
- ☆61 · Updated this week
- A curated list of tools for incident response ☆9,009 · Jul 18, 2024 · Updated last year
- In-depth attack surface mapping and asset discovery ☆14,484 · Apr 17, 2026 · Updated 2 weeks ago