security-onion
Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management (by Security-Onion-Solutions)
DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices (by clong)
Our great sponsors
| security-onion | DetectionLab | |
|---|---|---|
| 3 | 31 | |
| 2,900 | 4,476 | |
| - | - | |
| 3.9 | 4.4 | |
| about 3 years ago | about 1 year ago | |
| HTML | ||
| - | MIT License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
security-onion
Posts with mentions or reviews of security-onion.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-02-02.
-
Just a student who wants to start a carrier in Forensic or pentest
https://github.com/Security-Onion-Solutions/security-onion for play with blue team tools
- FOSS SIEM for homelabs?
-
Application monitoring?
Otherwise, it sounds like a case for SIEM but that can be a huge undertaking. As a trial you could setup a Security Onion Import Node, capture some traffic to a pcap file (via a monitor port and Wireshark etc. or some routers do this natively) and see what it gives you. I have to warn you though, it can be quite overwhelming and is the opening to an immense rabbithole. Godspeed
DetectionLab
Posts with mentions or reviews of DetectionLab.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-01-25.
-
Cyber Lab Design
I would tell someone they should use a cloud lab like Clong's "Detection Lab" which gives them not only the security aspect but the cloud and engineering aspects as well.
- Home Virtual SIEM Lab Suggestions?
- malware analysis
- Sandbox suggestions for VM isolation & investigations?
- I am kind a lost
-
Work setup
Detection Lab Link: https://github.com/clong/DetectionLab
-
learning splunk. is there a way to "play" with it?
Not sure what your goal with splunk is but I'd recommend Detection lab! Once you get the pre reqs setup, building and tearing down is super easy and you get a pre-baked ad environment to generate logs for you. https://github.com/clong/DetectionLab
-
Tool that automatically generates a realistic office scenario of vms?
I found a great starting point at the repo of DetectionLab : https://github.com/clong/DetectionLab
-
I'm a noob with expensive equipment
While it's true what most are saying, that you don't need a powerful system to learn hacking....... You DO have a valid point that a powerful system enables things a weaker system may not. For example with 64GB of RAM you can run a full network lab simulation such as https://github.com/clong/DetectionLab additionally a solid high end graphics card will let you run things like hashcat a lot faster. In theory you could make a rainbow table. You still need a lot of time to understand all the basics but yeah there's a few cool things you can do with more power it's not ENTIRELY unneeded. I wish I knew about the local defcon group long ago. They're welcoming and some have capture the flags you can play. Understand the various job roles there are in security and figure out which one you like. You get paid to do specific things not just learn about hacking.
-
where does one get experience with SIEM tools
Github DetectioLab
What are some alternatives?
When comparing security-onion and DetectionLab you can also consider the following projects:
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
DetectionLabELK - DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
Sending your docker logs - Sending logs from docker containers to Logit.io
vulnerable-AD - Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
cyberchef-recipes - A list of cyber-chef recipes and curated links
Adaz - :wrench: Deploy customizable Active Directory labs in Azure - automatically.
Microsoft-365-Defender-Hunting-Queries - Sample queries for Advanced hunting in Microsoft 365 Defender
DVWA - Damn Vulnerable Web Application (DVWA)
snort-rules - An UNOFFICIAL Git Repository of Snort Rules(IDS rules) Releases. [UnavailableForLegalReasons - Repository access blocked]
HELK - The Hunting ELK
awesome-pentest - A collection of awesome penetration testing resources, tools and other shiny things
GOAD - game of active directory
security-onion vs Wazuh
DetectionLab vs DetectionLabELK
security-onion vs Sending your docker logs
DetectionLab vs vulnerable-AD
security-onion vs cyberchef-recipes
DetectionLab vs Adaz
security-onion vs Microsoft-365-Defender-Hunting-Queries
DetectionLab vs DVWA
security-onion vs snort-rules
DetectionLab vs HELK
security-onion vs awesome-pentest
DetectionLab vs GOAD