BRO/Zeek IDS content pack contains pipeline rules, a stream, a dashboard displaying interesting activity, and a syslog tcp input to capture and index BRO/Zeek logs coming from a remote sensor.
-
Updated
Apr 12, 2020
#
security-onion
Here are 18 public repositories matching this topic...
This project aims to enhance intrusion detection using Security Onion by integrating machine learning models for improved alert prioritization.
python security data-science machine-learning jupyter-notebook cybersecurity network-security intrusion-detection-system security-onion
-
Updated
Sep 25, 2024 - Jupyter Notebook
Collection of PatternDB files to parse Ubiquiti Unifi events into Security Onion's Syslog-NG and ELSA
-
Updated
Apr 24, 2017
Standalone Security Onion Setup + Network Simulation using Two Devices
-
Updated
Jul 6, 2024
Presenting a guide and systematic methodology for implementing securityonion / ELK elastic search stack. Checklists, Samples, Tips, and Tricks
-
Updated
Dec 29, 2020
Test your IDS with a simple python2.7 SCAPY tool.
-
Updated
Apr 20, 2018 - Python
Security Onion Packet Capture Download scripts
-
Updated
Nov 10, 2019 - Python
YARA signature | YARA rule for Detecting Voldemort Malware
splunk malware threat-hunting cuckoo yara security-onion soar edr voldemort yara-rule voldemort-malware
-
Updated
Sep 9, 2024 - YARA
Security Operations Center: pfSense firewall, Security Onion IDS/IPS, Splunk SIEM, Wazuh EDR and Microsoft Defender for Endpoint — multi-layered threat monitoring, detection and incident response
splunk incident-response cybersecurity siem pfsense soc network-security security-onion wazuh security-lab security-operations-center
-
Updated
Jan 12, 2026
A Security Onion deployment project for intrusion detection and log analysis. Includes standalone, pfSense, internal, and cloud scenarios with Suricata, Zeek, Wazuh, and ELK stack integration.
-
Updated
Aug 12, 2025
Full-stack enterprise security lab - firewall segmentation, SIEM/EDR, AD, and attack simulation on a single host.
portfolio virtualbox firewall incident-response active-directory cybersecurity xdr siem homelab ipfire security-onion blue-team edr threat-detection home-lab detection-engineering atomic-red-team soc-analyst soc-lab soc-engineering
-
Updated
Apr 10, 2026 - Shell
Security Onion
-
Updated
Apr 10, 2026 - Shell
Python-based port scan detection pipeline using Zeek logs
-
Updated
Mar 19, 2026 - Python
Self-hosted NetBird VPN with Security Onion SIEM integration. Zero-trust mesh networking for secure cloud-local connectivity. 14.7M+ events monitored.
-
Updated
Jan 21, 2026 - HTML
Operational Hybrid SOC — Microsoft Sentinel + Wazuh + Security Onion | Detection Engineering | Incident Response
incident-response cybersecurity soc proxmox homelab security-onion wazuh kql detection-engineering microsoft-sentinel
-
Updated
Apr 8, 2026 - Shell
A simulated Security Operations Center (SOC) lab built with VirtualBox. This repository documents full kill-chain cyber attacks, Suricata NIDS detection validation, and a custom Python-based SOAR implementation that interacts with the Elasticsearch API to automate firewall containment.
automation virtualbox cybersecurity nids kali-linux metasploitable security-onion soar cyber-intelligence
-
Updated
Feb 20, 2026 - Python
Documentation of my home lab which includes 5 virtual machines: pfSense, a Windows jump box, Ubuntu osTicket, Active Directory, and Security Onion.
network-topology active-directory osticket overview security-onion side-projects pfsense-firewall jump-box
-
Updated
Jan 30, 2026
Improve this page
Add a description, image, and links to the security-onion topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the security-onion topic, visit your repo's landing page and select "manage topics."