security-onion VS Wazuh

Compare security-onion vs Wazuh and see what their differences are.

security-onion

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management (by Security-Onion-Solutions). Note that this is the repository for the legacy 16.04 release line, which is why its latest commit and activity figures below lag so far behind Wazuh's; it is not the current Security Onion 2.x code base.
                 security-onion         Wazuh
Mentions         3                      151
Stars            2,900                  8,876
Growth           -                      7.5%
Activity         3.9                    10.0
Latest commit    almost 3 years ago     1 day ago
Language                                C
License          -                      GNU General Public License v3.0 or later
Mentions - the total number of mentions we have tracked plus the number of user-suggested alternatives.
Stars - the number of stars a project has on GitHub. Growth - month-over-month growth in stars.
Activity - a relative number indicating how actively a project is being developed; recent commits carry more weight than older ones.
For example, an activity of 9.0 means a project is among the top 10% of the most actively developed projects we track.

security-onion

Posts with mentions or reviews of security-onion. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-02-02.

Wazuh

Posts with mentions or reviews of Wazuh. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-12-07.
  • Update vulnerability databases through proxy with authentication
    3 projects | /r/Wazuh | 7 Dec 2023
    By now I've set up the offline updates part and ran straight into https://github.com/wazuh/wazuh/issues/20573 when I also tried to enable the Ubuntu checks. FML.
    3 projects | /r/Wazuh | 7 Dec 2023
    I've found https://github.com/wazuh/wazuh/issues/1112 which suggested to basically include the "http_proxy" and "https_proxy" environment variable definitions in "/lib/systemd/system/wazuh-manager.service" (updated path compared to the github issue).
    3 projects | /r/Wazuh | 7 Dec 2023
    Seems like something that should be documented somewhere more official than a random reddit post for sure. Added it to https://github.com/wazuh/wazuh/issues/1112 for good measure.
  • Risks of hosting a website out of my house
    2 projects | /r/HomeNetworking | 6 Nov 2023
    Monitoring & Active Measures - Exporting firewall events to an external time-series database like I describe above is good to see who is touching your firewall or accessing your web site. Using an Intrusion Detection System / Intrusion Prevention System (IDS/IPS) such as open-source Suricata, which is a free package on pfSense, and deploying file system integrity monitoring, such as the open-source Wazuh on the exposed server are also good approaches to protecting yourself.
  • DevOps and Security: DevSecOps
    3 projects | dev.to | 5 Jun 2023
    Wazuh: An open source security monitoring platform that integrates with popular tools like Elasticsearch and Kibana to provide comprehensive security event analysis and response capabilities.
  • Another windows 11 thread....
    2 projects | /r/Wazuh | 16 May 2023
    If you can provide us with the following information, we will be able to better assess the problem and confirm that these warnings are caused by issue #15160:
    2 projects | /r/Wazuh | 16 May 2023
    I'm concerned you aren't fully aware of this widely discussed issue; https://github.com/wazuh/wazuh/issues/15160
  • Vulnerability overview
    4 projects | /r/Wazuh | 10 May 2023
    On another note, as mentioned in my response to the question of this post, we are working on a complete rework of the Vulnerability Detection engine. This rework will provide a sanitized CVEs feed from wazuh.com and a completely new scanner engine. It will also include a new UI for global queries.
  • Alternative to Endpoint Protector?
    2 projects | /r/selfhosted | 6 May 2023
    Maybe you can take a look at wazuh? https://wazuh.com/
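The "Update vulnerability databases through proxy with authentication" post above ends up putting http_proxy/https_proxy into /lib/systemd/system/wazuh-manager.service. The following is an added example, not code from the page or from the Wazuh project, showing the same override done the way a package upgrade will not undo: a drop-in under /etc/systemd/system that points at a root-only EnvironmentFile, so the credentials are neither in the unit file nor visible through `systemctl show -p Environment`. It also percent-encodes the proxy user and password, which is what usually breaks when the password contains '@', ':' or '/'. The proxy host, user and password, the file names /etc/wazuh-manager-proxy.env and proxy.conf, and ASCII-only credentials are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the page or the Wazuh project): authenticated proxy for
# wazuh-manager via a systemd drop-in plus a root-only EnvironmentFile.
# Proxy host, user and password used below are constructed placeholders.
set -eu

# Percent-encode one credential so '@', ':' and '/' in it cannot be mistaken
# for URL delimiters. Assumes ASCII input; non-ASCII would need UTF-8 byte encoding.
urlencode() {
  s=$1; out=''
  while [ -n "$s" ]; do
    c=${s%"${s#?}"}          # first character of the remaining string
    s=${s#?}                 # drop it
    case $c in
      [A-Za-z0-9._~-]) out="$out$c" ;;
      *) out="$out$(printf '%%%02X' "'$c")" ;;
    esac
  done
  printf '%s' "$out"
}

# proxy_url HOST:PORT USER PASSWORD -> http://USER:PASSWORD@HOST:PORT, both encoded.
proxy_url() {
  printf 'http://%s:%s@%s' "$(urlencode "$2")" "$(urlencode "$3")" "$1"
}

# Environment file body. curl honours only the lowercase http_proxy name, other
# tooling reads the uppercase ones, so both spellings are set.
render_envfile() {
  printf 'http_proxy=%s\nhttps_proxy=%s\nHTTP_PROXY=%s\nHTTPS_PROXY=%s\nno_proxy=localhost,127.0.0.1\nNO_PROXY=localhost,127.0.0.1\n' \
    "$1" "$1" "$1" "$1"
}

# Drop-in body: it only references the file, so the unit itself carries no secret.
render_dropin() {
  printf '[Service]\nEnvironmentFile=%s\n' "$1"
}

# Write both files, reload and restart. Must run as root on the manager host.
install_proxy() {   # install_proxy HOST:PORT USER PASSWORD
  url=$(proxy_url "$1" "$2" "$3")
  envfile=/etc/wazuh-manager-proxy.env                      # assumed path
  dropdir=/etc/systemd/system/wazuh-manager.service.d
  umask 077                                                  # env file is 0600
  render_envfile "$url" > "$envfile"
  mkdir -p "$dropdir"
  render_dropin "$envfile" > "$dropdir/proxy.conf"           # assumed name
  chmod 644 "$dropdir/proxy.conf"                            # holds only a path
  systemctl daemon-reload
  systemctl restart wazuh-manager
  # Confirm the unit picked up the file without echoing the credentials.
  systemctl show -p EnvironmentFiles wazuh-manager
}

# Only touch the system when invoked with HOST:PORT USER PASSWORD.
if [ "$#" -eq 3 ]; then
  install_proxy "$1" "$2" "$3"
fi
```

Run it as `sh wazuh-proxy.sh proxy.example.internal:3128 svc 'p@ss:w/rd'` on the manager; every process systemd starts from the unit, including whichever component fetches the vulnerability feed, inherits the variables. Editing /lib/systemd/system/wazuh-manager.service directly, as in the post, works until the next package upgrade replaces that file.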

What are some alternatives?

When comparing security-onion and Wazuh you can also consider the following projects:

OSSEC - OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

Suricata - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.

openvas-scanner - This repository contains the scanner component for Greenbone Community Edition.

Snort - Snort++

crowdsec - CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.

OSQuery - SQL powered operating system instrumentation, monitoring, and analytics.

Grafana - The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.

velociraptor - Digging Deeper....

Fleet - Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)

pfSense - Main repository for pfSense

sigma - Main Sigma Rule Repository

lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.