# security-onion-solutions/securityonion

4,661 stars · 652 forks · Language: Shell · License: NOASSERTION

## Links

- GitHub: https://github.com/Security-Onion-Solutions/securityonion
- Homepage: https://securityonion.net
- awesome-repositories: https://awesome-repositories.com/repository/security-onion-solutions-securityonion.md

## Description

Security Onion is a security information and event management platform and network security monitoring suite. It functions as an intrusion detection system and a network traffic analysis tool designed to identify malicious activity and network intrusions through signature-based detection and host-based monitoring.

The platform integrates a security case management system to organize investigations by tracking detections and grouping related security events. It provides capabilities for full packet capture, network metadata extraction, and the collection and indexing of security logs from diverse sources.

The system covers a broad range of security operations, including security incident investigation, threat hunting workflows, and security log aggregation. It utilizes a unified web console to analyze security events and alerts, and incorporates artificial intelligence to assist in the investigation of security data.

## Tags

### Part of an Awesome List

- [Security Logging and SIEM](https://awesome-repositories.com/f/awesome-lists/data/security-logging-and-siem.md) — Implements a full security information and event management platform for aggregating and analyzing security event data.
- [Network Security Monitoring](https://awesome-repositories.com/f/awesome-lists/security/network-security-monitoring.md) — Functions as a comprehensive network security monitoring suite for capturing and analyzing traffic to detect malicious activity. ([source](https://github.com/security-onion-solutions/securityonion#readme))
- [Security Lab Environments](https://awesome-repositories.com/f/awesome-lists/devops/security-lab-environments.md) — Linux distribution for intrusion detection and enterprise security monitoring.

### Data & Databases

- [Log Aggregators](https://awesome-repositories.com/f/data-databases/log-aggregators.md) — Centralizes security event logs from diverse distributed sources into a unified searchable store.

### Networking & Communication

- [Full Packet Capture Systems](https://awesome-repositories.com/f/networking-communication/full-packet-capture-systems.md) — Provides a full packet capture system that records raw network traffic to disk for retrospective forensic analysis.
- [Raw Packet Inspection](https://awesome-repositories.com/f/networking-communication/packet-capture-drivers/raw-packet-inspection.md) — Enables the capture and inspection of raw network packets for detailed forensic investigation of security incidents.
- [Traffic Metadata Generation](https://awesome-repositories.com/f/networking-communication/geographic-traffic-routing/routing-metadata-providers/network-element-metadata/traffic-metadata-generation.md) — Extracts high-level summaries of network connections to streamline the process of threat hunting. ([source](https://github.com/security-onion-solutions/securityonion#readme))

### Security & Cryptography

- [Incident Investigation Tools](https://awesome-repositories.com/f/security-cryptography/incident-investigation-tools.md) — Includes utilities for analyzing suspicious data and performing retrospective forensic analysis of raw packets.
- [Unified Incident Investigation Consoles](https://awesome-repositories.com/f/security-cryptography/incident-investigation-tools/unified-incident-investigation-consoles.md) — Ships a unified web console that aggregates telemetry and alerts from networks and endpoints for centralized incident assessment.
- [Intrusion Detection Systems](https://awesome-repositories.com/f/security-cryptography/intrusion-detection-systems.md) — Implements intrusion detection systems that monitor network and system activity for malicious behavior.
- [Investigation Case Management](https://awesome-repositories.com/f/security-cryptography/investigation-case-management.md) — Provides a dedicated system for organizing security investigations into tracked cases to group related events and detections.
- [Security Logging Management](https://awesome-repositories.com/f/security-cryptography/security-logging-management.md) — Provides security logging management to collect and index logs from diverse sources for analysis. ([source](https://github.com/security-onion-solutions/securityonion#readme))
- [Network Intrusion Detection](https://awesome-repositories.com/f/security-cryptography/security/operations-and-incident-response/network-intrusion-detection.md) — Identifies malicious network activity using signature-based detection and host-based monitoring systems. ([source](https://github.com/security-onion-solutions/securityonion#readme))
- [Signature-Based Threat Detectors](https://awesome-repositories.com/f/security-cryptography/threat-detection/signature-based-threat-detectors.md) — Uses signature-based threat detection to match network traffic patterns against databases of known malicious activity.
- [Threat Hunting Workflows](https://awesome-repositories.com/f/security-cryptography/threat-detection/threat-hunting-workflows.md) — Supports threat hunting workflows by searching forensic data with custom logic to uncover stealthy activity. ([source](https://github.com/security-onion-solutions/securityonion#readme))

### System Administration & Monitoring

- [Activity Monitors](https://awesome-repositories.com/f/system-administration-monitoring/activity-monitors.md) — Provides activity monitoring to collect and analyze network traffic and host system events for security visibility. ([source](https://github.com/security-onion-solutions/securityonion#readme))
- [Distributed Log Aggregation](https://awesome-repositories.com/f/system-administration-monitoring/distributed-log-aggregation.md) — Implements distributed log aggregation to collect and index security event logs from multiple remote sources.
- [Security Event Monitoring](https://awesome-repositories.com/f/system-administration-monitoring/security-event-monitoring.md) — Offers tools for analyzing security events and searching system logs for malicious patterns via a unified console. ([source](https://github.com/security-onion-solutions/securityonion#readme))
- [Endpoint Activity Monitoring](https://awesome-repositories.com/f/system-administration-monitoring/endpoint-activity-monitoring.md) — Includes endpoint activity monitoring to detect malicious processes and unauthorized changes on host systems.
- [Network Traffic Analysis](https://awesome-repositories.com/f/system-administration-monitoring/network-traffic-analysis.md) — Provides tools for recording raw network packets and extracting metadata for retrospective forensic analysis.
- [Network Metadata Extraction](https://awesome-repositories.com/f/system-administration-monitoring/packet-inspection/packet-drop-logging/packet-metadata-extraction-logging/network-metadata-extraction.md) — Extracts high-level summaries of network connections from raw packets to streamline proactive threat hunting.

### Artificial Intelligence & ML

- [Security Analysis Assistants](https://awesome-repositories.com/f/artificial-intelligence-ml/security-analysis-assistants.md) — Incorporates artificial intelligence to accelerate the analysis and investigation of security data to find threats faster. ([source](https://github.com/security-onion-solutions/securityonion#readme))
