Security Onion 2
Overview
Security Onion is a free and open Linux distribution for threat hunting, enterprise security monitoring, and log management. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!
Security Onion includes a native web interface with built-in tools analysts use to respond to alerts, hunt for evil, catalog evidence into cases, monitor grid performance, and much more. Additionally, third-party tools such as Elasticsearch, Logstash, Kibana, Suricata, Zeek (formerly known as Bro), Wazuh, Stenographer, CyberChef, NetworkMiner, and many more are included.
Highly Scalable
From a single network appliance to a grid of a thousand nodes, Security Onion scales to fit your specific needs.
Open Community
Security Onion and the tools we integrate are all open to the public, written by members of the cyber security community. Source code is available on GitHub for review by those interested in understanding how the system works behind the scenes.
Use Cases
NIDS
Collect network events from Zeek, Suricata, and other tools for complete coverage of your network. Cast a wide net to catch the bad guys quickly and easily.
HIDS
Security Onion supports several host-based event collection agents including Wazuh, Beats, and osquery. Just point them to your installation and it's off to the races.
Static Analysis (PCAP and EVTX Import)
Use Security Onion to import full packet capture files for quick static analysis and case studies. Spin up a virtual machine quickly and get started in just a few minutes. Import of Windows Event Log (EVTX) files is also supported.
SOC Workstation
A workstation install option is also available for SOC analysts to use local Linux tools to perform analysis of network and host events. There is no need to install extra tools; we bundle all the apps you might need.
Included Features
Use our Alerts interface to review and manage alerts generated by Security Onion.
Data Types
Data Type           Description                                              Source Tools
Agent               Information gathered from agent software                 Beats, Wazuh, osquery
Alert               Judgment made by a product about an event                Suricata, Wazuh
Asset               Metadata about hosts on the network                      Zeek
Extracted Content   Rebuilt elements of a session and extracted metadata     Zeek
Full Content        All packets on the network                               Stenographer
Session             Detail about conversations between hosts                 Zeek, Suricata
Transaction         Generated logs based on network traffic protocols        Zeek, Suricata
Let Security Onion Solutions take care of the hardware and setup, so you can focus on threat hunting.