Run an effective security operations centre with free and open source tools. Browse SIEM platforms, SOAR automation, log management, and threat detection tools for SOC teams.

grafana/grafana
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.

PowerShell/PowerShell
PowerShell for every system!

ansible/awx
AWX provides a web-based user interface, REST API, and task engine built on top of Ansible. It is one of the upstream projects for Red Hat Ansible Automation Platform.

wazuh/wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

sbilly/awesome-security
A collection of awesome software, libraries, documents, books, resources and cool stuff about security.

crowdsecurity/crowdsec
CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.

quickemu-project/quickemu
Quickly create and run optimised Windows, macOS and Linux virtual machines

trimstray/test-your-sysadmin-skills
A collection of Linux Sysadmin Test Questions and Answers. Test your knowledge and skills in different fields with these Q/A.

grafana/pyroscope
Continuous Profiling Platform. Debug performance issues down to a single line of code

farhanashrafdev/90DaysOfCyberSecurity
This repository contains a 90-day cybersecurity study plan, along with resources and materials for learning various cybersecurity concepts and technologies. The plan is organized into daily tasks, covering topics such as Network+, Security+, Linux, Python, Traffic Analysis, Git, ELK, AWS, Azure, and Hacking. The repository also includes a `LEARN.md

SigmaHQ/sigma
Main Sigma Rule Repository

bregman-arie/devops-resources
DevOps resources - Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP

tektoncd/pipeline
A cloud-native Pipeline resource.

falcosecurity/falco
Cloud Native Runtime Security

getanteon/anteon
Anteon (formerly Ddosify) - Effortless Kubernetes Monitoring and Performance Testing. Available on CLI, Self-Hosted, and Cloud

linkedin/school-of-sre
At LinkedIn, we are using this curriculum for onboarding our entry-level talents into the SRE role.

Graylog2/graylog2-server
Free and open log management

muesli/beehive
A flexible event/agent & automation system with lots of bees 🐝

evilmartians/lefthook
Fast and powerful Git hooks manager for any type of projects.

rundeck/rundeck
Enable Self-Service Operations: Give specific users access to your existing tools, services, and scripts

Flagsmith/flagsmith
Flagsmith is an open source feature flagging and remote config service. Self-host or use our hosted version at https://app.flagsmith.com.

cortexproject/cortex
A horizontally scalable, highly available, multi-tenant, long term Prometheus.

Azure/Azure-Sentinel
Cloud-native SIEM for intelligent security analytics for your entire enterprise.

apache/nifi
Apache NiFi

A SIEM (Security Information and Event Management) system collects, correlates, and analyzes log data from across your environment to detect threats in real time. Any organization with more than a handful of systems benefits from a SIEM. Free options include Wazuh, Elastic SIEM, and Graylog.
Wazuh is the most widely deployed free SIEM, combining log analysis, file integrity monitoring, vulnerability detection, and compliance reporting. Elastic SIEM (part of the Elastic Stack) is powerful for large-scale deployments. Graylog offers excellent log management with security analytics.
SOAR (Security Orchestration, Automation, and Response) platforms automate repetitive SOC tasks such as alert triage, threat enrichment, and incident response workflows. Free SOAR tools include TheHive with Cortex, Shuffle, and n8n configured for security workflows.
A cost-effective SOC stack typically includes: Wazuh (SIEM/EDR), Suricata (network IDS), TheHive (case management), MISP (threat intelligence), and Shuffle (SOAR). This open source stack provides enterprise-grade capabilities at near-zero licensing cost.