Security Onion 2
Latest version: 2.3.10
Overview
Security Onion is a free and open source Linux distribution for threat hunting, enterprise security monitoring, and log management. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!
Security Onion includes Elasticsearch, Logstash, Kibana, Suricata, Zeek (formerly known as Bro), Wazuh, Stenographer, TheHive, Cortex, CyberChef, NetworkMiner, and many other security tools.
Highly Scalable
From a single network appliance, to a grid of a thousand nodes, Security Onion scales to fit your specific needs.
Open Source Community
Security Onion and the tools we integrate are all open source, written by members of the cyber security community.
Use Cases
NIDS
Collect network events from Zeek (protocol transaction logs), Suricata (signature-based alerts), and other tools so that one sensor gives you both alerts and the surrounding context. Cast a wide net to catch the bad guys quickly and easily.
HIDS
Security Onion supports several host-based event collection agents including Wazuh, Beats, and osquery. Just point them to your installation and it's off to the races.
Static Analysis (PCAP Import)
Use Security Onion to import PCAP files for quick static analysis and case studies. Spin up a virtual machine, import the capture, and the same Zeek logs, Suricata alerts, and search interfaces you would use on a live sensor are available for the captured traffic in just a few minutes.
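The import in practice, as an added example that is not part of this page or of the Security Onion project: a small POSIX shell wrapper that checks a capture file's magic number before handing it to so-import-pcap, the Security Onion 2 command for importing a PCAP. The pcapng handling (conversion with Wireshark's editcap) and the file paths are assumptions; so-import-pcap itself and its single path argument are real.

```shell
#!/bin/sh
# Added example, not Security Onion's own code.
# pcap_format prints "pcap", "pcapng" or "unknown" based on the first four
# bytes of the file given as $1. Magic numbers covered:
#   d4c3b2a1 / a1b2c3d4  classic pcap, microsecond timestamps (LE / BE)
#   4d3cb2a1 / a1b23c4d  classic pcap, nanosecond timestamps (LE / BE)
#   0a0d0d0a             pcapng section header block
pcap_format() {
    magic=$(od -An -N4 -tx1 "$1" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d) echo pcap ;;
        0a0d0d0a) echo pcapng ;;
        *) echo unknown ;;
    esac
}

# import_capture converts a pcapng file to classic pcap first (assumption:
# editcap from Wireshark is installed), refuses anything that is not a
# capture, and then runs the real import command.
import_capture() {
    f=$1
    case "$(pcap_format "$f")" in
        pcap) ;;
        pcapng)
            out="${f%.*}.pcap"
            editcap -F pcap "$f" "$out" || return 1
            f=$out ;;
        *)
            echo "not a capture file: $f" >&2
            return 1 ;;
    esac
    sudo so-import-pcap "$f"
}

# Usage (hypothetical path):  import_capture /tmp/case-42/suspect.pcapng
```

One caveat worth knowing before you go hunting: the imported traffic keeps its original packet timestamps, so after the import you must set the time range in Kibana or Hunt to when the capture was taken, not to "now", or the search comes back empty.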
SOC Workstation
A workstation install option is also available for SOC analysts to use local Linux tools to perform analysis of network and host events. No need to install extra tools, we bundle all the apps you might need.
Included Features
Data Types
Agent: information gathered from agent software (Beats, Wazuh, osquery)
Alert: judgment made by a product about an event (Suricata, Wazuh)
Asset: metadata about hosts on the network (Zeek)
Extracted Content: rebuilt elements of a session and extracted metadata (Zeek)
Full Content: all packets on the network (Stenographer)
Session: detail about conversations between hosts (Zeek, Suricata)
Transaction: generated logs based on network traffic protocols (Zeek, Suricata)
Let Security Onion Solutions take care of the hardware and setup, so you can focus on threat hunting.