Security Onion Solutions

Security Onion Pro

Features

•

Services

•

Coverage

•

Comparison

•

FAQ

Security Onion Pro

Powerful features and personalized support offered for enterprise customers!

Enterprise Features

Security Onion Pro includes enterprise-grade features commonly used by medium to large enterprises and government organizations. Below are a few of these powerful features described in more detail.

Notifications

By default, no outbound notifications are enabled in a Security Onion installation. However, with the Pro license applied to a grid, outbound notifications, such as emails, Slack messages, and much more, can be quickly configured via the Configuration screen.

Open ID Connect (OIDC)

Security Onion Console (SOC) supports single sign-on (SSO) authentication via OpenID Connect (OIDC) to one of several OIDC-compatible identity providers. For example, users can log in to Security Onion using an Active Directory user, a GitHub user, a Google account, an Auth0 account, etc.

DoD-Compliant Protections

The Pro license offers DoD Security Technical Implementation Guide (STIG) compliance for CAT 1 issues of the OS. Federal Information Processing Standards (FIPS) and storage-level AES 256 encryption (LUKS) are included.

And Much More!

There are a number of other useful features included with Security Onion Pro. Refer to the comparison chart below to see all the amazing features the Pro license has to offer!

Pro Support and Services

In addition to its many powerful features, the Pro license also includes a number of support and service perks for enterprise customers!

Higher Priority Service Level Agreements (SLAs)

Security Onion Pro includes a one-business-day initial response SLA. A four-business-hour initial response SLA is also available.

Support Hours

For customers running Security Onion on their hardware or smaller SOS appliances, purchasing Security Onion Pro includes professional services and support time. Services include architecture planning, deployment, tuning, break/fix support, parsing, and more. Additional hours packages are available.

Offline Update Service Shipments

For airgap deployments, Security Onion Pro includes shipments of up to two free offline updates per year, when requested.

Health Checks

Security Onion Pro includes two free one-hour health checks per year. Our Security Onion experts will assist in reviewing the health and state of your grid.

Pro Hardware and Coverage

Included with Larger Hardware Appliances

Security Onion Pro is included with many of our larger hardware appliance models, such as the SOS SN7200, SOS SNNV, and SOS GoFast, at no additional charge. See our full appliance list on the Hardware page.

Broad Grid Coverage

The standard Pro license includes licensing for up to ten Security Onion nodes, with additional node packs available for purchase. Additionally, we offer licenses for smaller grids, such as a single standalone node.

Community vs Pro Comparison

	Community Community	Pro Pro
Flexible Installation Options
Internet-connected and airgap
Alerting
Triggers host and network (NIDS) alerts and provides user interface with drilldown, acknowledgement, and escalation
Threat Hunting
Focused Hunt interface
Dashboards with Visualizations
Includes prebuilt and supports custom dashboards
Case Management
Escalate events and track observables
Analyzers
Gather context of observables
Detections
Import and manage Sigma, Suricata, and YARA rules
Audit Trail
Automatically capture case and detection change history
User Management
Includes Role-Based Access Control (RBAC)
Web-Based UI Configuration
Easily modify and customize grid configuration
Grid Management
Manage grid node membership within the SOC UI
Grid Monitoring
Monitor grid status and health
Grid Remote Control
Reboot nodes, import events, and more
Cyberchef Integration
Perform simple and complex data manipulation tasks quickly in a web browser
Packet Metadata
Parse and classify network traffic at OSI layers 3, 4, and 7 using Zeek or Suricata
Packet Capture (PCAP) Storage and Retrieval
View and download raw packet data using Stenographer or Suricata
Endpoint Monitoring
Monitor organization's entire digital footprint for software changes and much more
Fleet Integration
Monitor status of endpoints
Fully Scalable Deployments
Add new sensor and search nodes as your enterprise grows
Intrusion Detection Honeypots (IDH)
Build IDH nodes which mimic services and connect these nodes to your Security Onion grid
Mitre ATT&CK Navigator
Use the Navigator to visualize defensive coverage
Limited Live Response
Use osquery to collect data on the fly or on a schedule from your endpoints and servers
Playbooks and Guided Analysis
Guided Analysis leverages Playbooks to help you investigate alerts
Open ID Connect (OIDC)
SSO authentication to Security Onion Console (SOC) via popular OIDC providers
Data at Rest Encryption
Storage-level AES 256 encryption (LUKS)
Federal Information Processing Standards (FIPS)
Standardized security policy compliance for your enterprise
STIG Compliance for the OS
Strict organizational policy compliance for CAT 1 issues of the OS
Connect API
Integrate Security Onion with external systems for automating security processes
External Notifications
Quickly configure outbound notifications when alerts are generated
Time Tracking
Track time spent resolving cases
Guaranteed Message Delivery
Ensure all events and logs are recorded using Kafka
Active Query Management
View and cancel long-running Elastic queries
Manager of Managers (MoM)
Manage multiple grids from a single SOC login (additional licensing requirements may apply)
MCP Server
Interface your AI/LLM platform to your Security Onion grid, allowing AI to query alerts, playbooks, and more.
Onion AI Security Assistant
AI-powered security assistant for enhanced threat analysis and response
Splunk App
Automated, periodic ingest of Security Onion alerts into Splunk via the Security Onion Connect API. Security Onion Solutions does not provide support for this feature.
Hardware Virtualization
This feature is especially helpful if you want to optimize your hardware's potential and expand your Elastic performance and retention. Available on select hardware.
Reporting
Run built-in case or productivity reports, export SOC data to CSV files, and even create your own custom reports, or customize our built-in reports.
Enhanced SLA Options
Additional Service Level Agreements (SLAs) available
Professional Support
Professional services and email/phone/screenshare support hours included
Airgap Update Assistance
Physical media provided up to twice per year
Health Checks
Includes two health checks of your Security Onion grid per year

F.A.Q.

If I purchase Security Onion Pro, do I have to rebuild my existing deployment?

In most cases, you can simply add the Security Onion Pro license key to your existing deployment to enable the enterprise features. An exception would be things like disk encryption that must be enabled during installation.

If I am a free user and won't be purchasing Security Onion Pro, will there be any changes?

No, you can continue using the existing Security Onion features that you use today.

Do firewalls, endpoints, and other external data sources count as nodes?

No. The license is based on the number of nodes running Security Onion which are joined to the Security Onion Pro grid. Examples include Manager Node, Receiver Nodes, Search Nodes, Forward Nodes, Heavy Nodes, IDH Nodes, Fleet Nodes, etc. Pricing is not tied to the number of data sources.

I am an existing paid customer of Security Onion Solutions. Do I need to purchase Pro to access its capabilities?

You may qualify for Security Onion Pro at little or no additional cost. Contact your account manager for details.

How long are licenses valid?

You can purchase Security Onion Pro for 1-5 year terms.

Does Security Onion Pro automatically renew?

No. Security Onion Solutions will contact you in advance of your renewal date to start the renewal process.

Is Security Onion Pro supported in my hybrid grid?

Yes! You can run Security Onion in hybrid grids of cloud images, customer hardware, and Security Onion appliances. Contact us for additional details.

What if my grid exceeds the number of nodes in my license?

You can acquire additional node packs and receive a new license key to use without impacting the data in your current grid.

What happens when the license expires?

The Security Onion Console (SOC) will remind users starting 45 days before license expiration. If the license expires, Security Onion will revert to community Security Onion until the license key is updated. If you intend to let your license expire, you should notify the Security Onion Solutions Support Team in advance.

Does the license include higher tier licensing for Elastic or other products within Security Onion?

At this time, no other paid licenses are included with Security Onion Pro.

Can I buy the license through a reseller?

Yes. Contact us for more details.

Is an evaluation license available?

Your organization may be eligible for an evaluation license. Contact us for more details.

Ready to purchase or need more information?