BRO/Zeek IDS content pack contains pipeline rules, a stream, a dashboard displaying interesting activity, and a syslog tcp input to capture and index BRO/Zeek logs coming from a remote sensor.

This project aims to enhance intrusion detection using Security Onion by integrating machine learning models for improved alert prioritization.

Collection of PatternDB files to parse Ubiquiti Unifi events into Security Onion's Syslog-NG and ELSA

Standalone Security Onion Setup + Network Simulation using Two Devices

Presenting a guide and systematic methodology for implementing securityonion / ELK elastic search stack. Checklists, Samples, Tips, and Tricks

Test your IDS with a simple python2.7 SCAPY tool.

Security Onion Packet Capture Download scripts

YARA signature | YARA rule for Detecting Voldemort Malware

Blocks IP addresses via the Security Onion Console.

A Security Onion deployment project for intrusion detection and log analysis. Includes standalone, pfSense, internal, and cloud scenarios with Suricata, Zeek, Wazuh, and ELK stack integration.

Security Operations Center: pfSense firewall, Security Onion IDS/IPS, Splunk SIEM, Wazuh EDR and Microsoft Defender for Endpoint — multi-layered threat monitoring, detection and incident response

Simulated cybersecurity homelab using a 7-VM setup including a defense and an attack box

Self-hosted NetBird VPN with Security Onion SIEM integration. Zero-trust mesh networking for secure cloud-local connectivity. 14.7M+ events monitored.

Documentation of my home lab which includes 5 virtual machines: pfSense, a Windows jump box, Ubuntu osTicket, Active Directory, and Security Onion.

A simulated Security Operations Center (SOC) lab built with VirtualBox. This repository documents full kill-chain cyber attacks, Suricata NIDS detection validation, and a custom Python-based SOAR implementation that interacts with the Elasticsearch API to automate firewall containment.