whatisgithub

What is securityonion?

security-onion-solutions/securityonion — explained in plain English

Analysis updated 2026-06-26

4,605ShellAudience · ops devopsComplexity · 4/5Setup · hard

In one sentence

Security Onion is a free, open-source network security monitoring platform that bundles intrusion detection, packet capture, log searching, and alert management under one Linux installation for security teams.

Mindmap

mindmap
  root((securityonion))
    Detection Tools
      Suricata IDS
      Zeek network monitor
      osquery host queries
    Data Layer
      Elasticsearch storage
      Log ingestion
    Web Interfaces
      Alert dashboards
      Case management
      CyberChef analysis
    Audience
      Security teams
      Linux admins
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Set up a dedicated server to monitor your organization's network traffic for intrusions and suspicious behavior.

USE CASE 2

Search and correlate security logs using the built-in Elasticsearch interface and dashboards.

USE CASE 3

Manage and document security incidents end-to-end using the included case management interface.

USE CASE 4

Query the state of connected computers using osquery to check for indicators of compromise.

What is it built with?

ShellElasticsearchSuricataZeekosquery

How does it compare?

security-onion-solutions/securityonionkaitai-io/kaitai_structzimfw/zimfw
Stars4,6054,5994,613
LanguageShellShellShell
Setup difficultyhardmoderateeasy
Complexity4/53/52/5
Audienceops devopsdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1day+

Requires a dedicated Linux server, this branch (2.3) reached end-of-life April 2024, new installs should use the 2.4 branch.

So what is it?

Security Onion is a free, open-source platform designed for organizations that want to monitor their networks and computers for signs of malicious activity. It brings together a collection of well-known security tools under one installation, including systems for detecting intrusions, capturing and inspecting network traffic, storing and searching logs, and managing alerts when something suspicious is found. The platform includes its own web-based interfaces for things like reviewing alerts, building dashboards, searching through recorded activity, and managing security cases when an incident needs to be investigated and documented. Alongside those custom interfaces it bundles third-party tools such as Suricata and Zeek for network monitoring, Elasticsearch for storing and searching large volumes of log data, and osquery for querying the state of individual computers as if they were a database. CyberChef is also included as a utility for decoding and analyzing data in various formats. This particular repository holds version 2.3 of Security Onion. That version reached its end-of-life date in April 2024, meaning it no longer receives updates or support from the maintainers. The README notes that new installations should use the 2.4 branch of the same repository, and existing 2.3 installations have migration documentation available. The README for this branch is minimal and consists mainly of links to external documentation for hardware requirements, download instructions, installation steps, and a FAQ. Security Onion is aimed at security teams, system administrators, and anyone responsible for watching over a network for threats. Setting it up requires a dedicated machine or server, and the platform is best suited to people comfortable with Linux-based systems and network security concepts.

Copy-paste prompts

Prompt 1
How do I migrate an existing Security Onion 2.3 installation to version 2.4?
Prompt 2
What are the hardware requirements for setting up Security Onion on a new dedicated server?
Prompt 3
How do I configure Suricata rules in Security Onion to detect a specific type of network threat?
Prompt 4
How do I search through Zeek network connection logs in Security Onion's web interface?
Prompt 5
How do I create a security case and link alerts to it in Security Onion's case management tool?

Frequently asked questions

What is securityonion?

Security Onion is a free, open-source network security monitoring platform that bundles intrusion detection, packet capture, log searching, and alert management under one Linux installation for security teams.

What language is securityonion written in?

Mainly Shell. The stack also includes Shell, Elasticsearch, Suricata.

How hard is securityonion to set up?

Setup difficulty is rated hard, with roughly 1day+ to a first successful run.

Who is securityonion for?

Mainly ops devops.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.