Security Onion is a platform built by defenders for defenders. It includes network visibility, host visibility, intrusion detection honeypots, log management, and case management.

Security Onion generates NIDS (Network Intrusion Detection System) alerts by monitoring your network traffic and looking for specific fingerprints and identifiers that match known malicious, anomalous, or otherwise suspicious traffic. This is signature-based detection so you might say that it’s similar to antivirus signatures for the network, but it’s a bit deeper and more flexible than that. NIDS alerts are generated by Suricata.

This is free and open source software.