Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
☆4,662Jun 26, 2026Updated last week
Alternatives and similar repositories for securityonion
Users that are interested in securityonion are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.☆15,981Updated this week
- Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management☆3,128Apr 16, 2021Updated 5 years ago
- Main Sigma Rule Repository☆10,665Jun 24, 2026Updated last week
- Digging Deeper....☆4,066Jun 24, 2026Updated last week
- Open Cyber Threat Intelligence Platform☆9,612Updated this week
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.☆7,752Updated this week
- TheHive is a Collaborative Case Management Platform, now distributed as a commercial version☆3,928Jul 25, 2025Updated 11 months ago
- MISP (core software) - Open Source Threat Intelligence and Sharing Platform☆6,379Jun 26, 2026Updated last week
- Small and highly portable detection tests based on MITRE's ATT&CK.☆12,142Jun 24, 2026Updated last week
- Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs an…☆2,443Jun 17, 2026Updated 2 weeks ago
- Automated Adversary Emulation Platform☆7,063Jun 23, 2026Updated last week
- Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OIS…☆6,419Jun 27, 2026Updated last week
- A Suricata based NDR distribution☆1,591Sep 13, 2025Updated 9 months ago
- IntelOwl: manage your Threat Intelligence at scale☆4,610Updated this week
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- 🍯 T-Pot - The All In One Multi Honeypot Platform 🐝☆9,312Jun 23, 2026Updated last week
- The Hunting ELK☆3,926Jun 1, 2024Updated 2 years ago
- Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.☆3,238Updated this week
- Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis…☆2,507Jan 12, 2026Updated 5 months ago
- A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering env…☆8,808Jun 23, 2026Updated last week
- A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…☆4,598Jan 12, 2026Updated 5 months ago
- ✨ A curated list of awesome threat detection and hunting resources 🕵️♂️☆4,656Jan 5, 2026Updated 6 months ago
- Six Degrees of Domain Admin☆10,560Mar 2, 2026Updated 4 months ago
- Detect Tactics, Techniques & Combat Threats☆2,303Jun 2, 2026Updated last month
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Automate the creation of a lab environment complete with security tooling and logging best practices☆4,992Jul 6, 2024Updated last year
- Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing.☆2,332Jun 26, 2026Updated last week
- Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabl…☆29,391Updated this week
- ☆2,405Oct 14, 2023Updated 2 years ago
- A repository of sysmon configuration modules☆3,066Jun 25, 2026Updated last week
- Arkime is an open source, large scale, full packet capturing, indexing, and database system.☆7,407Updated this week
- Rapidly Search and Hunt through Windows Forensic Artefacts☆3,573May 9, 2026Updated last month
- A curated list of awesome YARA rules, tools, and people.☆4,238Jun 15, 2026Updated 2 weeks ago
- Sysmon configuration file template with default high-quality event tracing☆5,567Jul 3, 2024Updated 2 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.☆19,212Apr 13, 2026Updated 2 months ago
- The FLARE team's open-source tool to identify capabilities in executable files.☆6,083Updated this week
- Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mand…☆7,701Oct 16, 2025Updated 8 months ago
- Cortex: a Powerful Observable Analysis and Active Response Engine☆1,590May 20, 2026Updated last month
- ☆62Jun 25, 2026Updated last week
- A curated list of tools for incident response☆9,127May 6, 2026Updated last month
- This repository contains the scanner component for Greenbone Community Edition.☆4,680Jun 26, 2026Updated last week