Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
(☆4,485, Mar 20, 2026, updated this week)
Alternatives and similar repositories for securityonion
Users that are interested in securityonion are comparing it to the libraries listed below.
- Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads. (☆15,039, updated this week)
- Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management (☆3,108, Apr 16, 2021, updated 4 years ago)
- Main Sigma Rule Repository (☆10,224, Mar 19, 2026, updated last week)
- Open Cyber Threat Intelligence Platform (☆9,067, updated this week)
- Digging Deeper.... (☆3,832, updated this week)
- Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. (☆7,525, updated this week)
- TheHive is a Collaborative Case Management Platform, now distributed as a commercial version (☆3,895, Jul 25, 2025, updated 8 months ago)
- MISP (core software) - Open Source Threat Intelligence and Sharing Platform (☆6,195, updated this week)
- Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs an… (☆2,362, Feb 19, 2026, updated last month)
- Small and highly portable detection tests based on MITRE's ATT&CK. (☆11,718, Mar 18, 2026, updated last week)
- Automated Adversary Emulation Platform (☆6,831, updated this week)
- Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OIS… (☆6,081, updated this week)
- A Suricata based NDR distribution (☆1,590, Sep 13, 2025, updated 6 months ago)
- IntelOwl: manage your Threat Intelligence at scale (☆4,505, updated this week)
- 🍯 T-Pot - The All In One Multi Honeypot Platform 🐝 (☆8,898, Mar 14, 2026, updated last week)
- The Hunting ELK (☆3,913, Jun 1, 2024, updated last year)
- Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs. (☆3,062, Feb 24, 2026, updated last month)
- Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis… (☆2,516, Jan 12, 2026, updated 2 months ago)
- A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering env… (☆8,454, updated this week)
- A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e… (☆4,508, Jan 12, 2026, updated 2 months ago)
- ✨ A curated list of awesome threat detection and hunting resources 🕵️♂️ (☆4,541, Jan 5, 2026, updated 2 months ago)
- Six Degrees of Domain Admin (☆10,558, Mar 2, 2026, updated 3 weeks ago)
- Detect Tactics, Techniques & Combat Threats (☆2,269, Jan 21, 2026, updated 2 months ago)
- Automate the creation of a lab environment complete with security tooling and logging best practices (☆4,921, Jul 6, 2024, updated last year)
- Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabl… (☆27,587, updated this week)
- Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing. (☆2,221, Mar 18, 2026, updated last week)
- A repository of sysmon configuration modules (☆2,996, Aug 21, 2024, updated last year)
- (☆2,392, Oct 14, 2023, updated 2 years ago)
- Rapidly Search and Hunt through Windows Forensic Artefacts (☆3,484, Mar 2, 2026, updated 3 weeks ago)
- A curated list of awesome YARA rules, tools, and people. (☆4,163, Mar 16, 2026, updated last week)
- Arkime is an open source, large scale, full packet capturing, indexing, and database system. (☆7,327, updated this week)
- Sysmon configuration file template with default high-quality event tracing (☆5,438, Jul 3, 2024, updated last year)
- The FLARE team's open-source tool to identify capabilities in executable files. (☆5,890, Mar 18, 2026, updated last week)
- SpiderFoot automates OSINT for threat intelligence and mapping your attack surface. (☆17,147, Dec 15, 2024, updated last year)
- Cortex: a Powerful Observable Analysis and Active Response Engine (☆1,563, Nov 26, 2025, updated 3 months ago)
- Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mand… (☆7,546, Oct 16, 2025, updated 5 months ago)
- (☆61, updated this week)
- A curated list of tools for incident response (☆8,901, Jul 18, 2024, updated last year)
- This repository contains the scanner component for Greenbone Community Edition. (☆4,491, updated this week)