Security-Onion-Solutions / securityonion
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
☆4,335 · Feb 7, 2026 · Updated last week
Alternatives and similar repositories for securityonion
Users who are interested in securityonion are comparing it to the repositories listed below.
- Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads. ☆14,722 · Updated this week
- Open Cyber Threat Intelligence Platform ☆8,212 · Updated this week
- Main Sigma Rule Repository ☆10,109 · Updated this week
- Digging Deeper.... ☆3,747 · Feb 5, 2026 · Updated last week
- Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management ☆3,107 · Apr 16, 2021 · Updated 4 years ago
- Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. ☆7,463 · Updated this week
- TheHive is a Collaborative Case Management Platform, now distributed as a commercial version ☆3,880 · Jul 25, 2025 · Updated 6 months ago
- MISP (core software) - Open Source Threat Intelligence and Sharing Platform ☆6,123 · Updated this week
- Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs an… ☆2,334 · Jan 30, 2026 · Updated 2 weeks ago
- Small and highly portable detection tests based on MITRE's ATT&CK. ☆11,570 · Updated this week
- Automated Adversary Emulation Platform ☆6,733 · Updated this week
- Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OIS… ☆6,000 · Updated this week
- IntelOwl: manage your Threat Intelligence at scale ☆4,445 · Updated this week
- A Suricata based NDR distribution ☆1,590 · Sep 13, 2025 · Updated 5 months ago
- 🍯 T-Pot - The All In One Multi Honeypot Platform 🐝 ☆8,756 · Jan 29, 2026 · Updated 2 weeks ago
- Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs. ☆3,014 · Feb 4, 2026 · Updated last week
- The Hunting ELK ☆3,913 · Jun 1, 2024 · Updated last year
- ✨ A curated list of awesome threat detection and hunting resources 🕵️♂️ ☆4,496 · Jan 5, 2026 · Updated last month
- Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabl… ☆26,985 · Updated this week
- A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering env… ☆8,338 · Dec 23, 2025 · Updated last month
- Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis… ☆2,514 · Jan 12, 2026 · Updated last month
- A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e… ☆4,475 · Jan 12, 2026 · Updated last month
- Six Degrees of Domain Admin ☆10,537 · Aug 1, 2025 · Updated 6 months ago
- Rapidly Search and Hunt through Windows Forensic Artefacts ☆3,440 · Oct 12, 2025 · Updated 4 months ago
- Detect Tactics, Techniques & Combat Threats ☆2,263 · Jan 21, 2026 · Updated 3 weeks ago
- Automate the creation of a lab environment complete with security tooling and logging best practices ☆4,901 · Jul 6, 2024 · Updated last year
- SpiderFoot automates OSINT for threat intelligence and mapping your attack surface. ☆16,633 · Dec 15, 2024 · Updated last year
- A curated list of awesome YARA rules, tools, and people. ☆4,136 · Mar 26, 2025 · Updated 10 months ago
- Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing. ☆2,183 · Updated this week
- The FLARE team's open-source tool to identify capabilities in executable files. ☆5,813 · Feb 5, 2026 · Updated last week
- A repository of sysmon configuration modules ☆2,968 · Aug 21, 2024 · Updated last year
- Cortex: a Powerful Observable Analysis and Active Response Engine ☆1,545 · Nov 26, 2025 · Updated 2 months ago
- A curated list of tools for incident response ☆8,808 · Jul 18, 2024 · Updated last year
- Arkime is an open source, large scale, full packet capturing, indexing, and database system. ☆7,300 · Updated this week
- Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mand… ☆7,529 · Oct 16, 2025 · Updated 3 months ago
- Adversary Emulation Framework ☆10,673 · Updated this week
- In-depth attack surface mapping and asset discovery ☆14,103 · Updated this week
- A curated list of Awesome Threat Intelligence resources ☆9,741 · Jan 19, 2026 · Updated 3 weeks ago
- Malwoverview is a rapid response tool used to gather intelligence information from VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malsh… ☆3,531 · Jan 20, 2026 · Updated 3 weeks ago