Security Onion is a free and open source Linux distribution for threat hunting, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Zeek (formerly known as Bro), Wazuh, Sguil, Squert, CyberChef, NetworkMiner, and many other security tools. The easy-to-use Setup wizard lets you build a fleet of distributed sensors for your enterprise in minutes.
Security Onion collects and indexes the following data types:
HIDS alerts from Wazuh and NIDS alerts from Snort/Suricata
Asset data from Zeek (formerly known as Bro)
Full packet capture from netsniff-ng
Host data via Beats, Wazuh, syslog, and more
Session data (conn.log) from Zeek
HTTP, FTP, DNS, SSL and other protocol logs from Zeek
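The value of collecting these data types together is the pivot: a NIDS alert gives a 5-tuple and a timestamp, Zeek's session data gives that flow a uid, and the uid keys into Zeek's protocol logs (and the full packet capture). The following is an added example of that pivot, not Security Onion's own code: it parses Zeek's tab-separated log format and Suricata's EVE JSON, matches each alert to the Zeek connection whose 5-tuple and lifetime contain it, and then pulls the HTTP records for that uid. The conn.log, http.log and eve.json excerpts are constructed sample data (the signature and sid are made up), and the one-second slack is an assumption rather than anything the platform prescribes.

```python
"""Pivot from a Suricata NIDS alert to the matching Zeek session and HTTP log.

Added example, not Security Onion code. All log excerpts below are constructed.
"""
import json
from datetime import datetime

# Constructed Zeek conn.log excerpt (fields trimmed to what the pivot needs).
CONN_LOG = "\n".join([
    "#separator \\x09",
    "#unset_field\t-",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval",
    "1590000000.100000\tCaaaa1\t10.0.0.5\t51234\t203.0.113.9\t80\ttcp\thttp\t1.500000",
    "1590000001.300000\tCbbbb2\t10.0.0.5\t51235\t203.0.113.9\t443\ttcp\tssl\t2.000000",
    "1590000002.500000\tCcccc3\t10.0.0.7\t40000\t198.51.100.4\t53\tudp\tdns\t-",
    "#close\t2020-05-20-18-41-00",
])

# Constructed Zeek http.log excerpt; the uid ties it back to conn.log.
HTTP_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tmethod\thost\turi\tstatus_code",
    "1590000000.200000\tCaaaa1\t10.0.0.5\t51234\t203.0.113.9\t80\tGET\texample.test\t/cgi-bin/id\t200",
])

# Constructed Suricata eve.json: one alert inside a Zeek session, one alert ten
# seconds after its session closed, and a non-alert event that must be ignored.
EVE_JSON = "\n".join([
    '{"timestamp":"2020-05-20T18:40:00.600000+0000","event_type":"alert","src_ip":"10.0.0.5",'
    '"src_port":51234,"dest_ip":"203.0.113.9","dest_port":80,"proto":"TCP",'
    '"alert":{"signature_id":1000001,"rev":1,"signature":"EXAMPLE constructed id-check alert","severity":2}}',
    '{"timestamp":"2020-05-20T18:40:10.000000+0000","event_type":"alert","src_ip":"10.0.0.5",'
    '"src_port":51235,"dest_ip":"203.0.113.9","dest_port":443,"proto":"TCP",'
    '"alert":{"signature_id":1000002,"rev":1,"signature":"EXAMPLE constructed late alert","severity":3}}',
    '{"timestamp":"2020-05-20T18:40:02.000000+0000","event_type":"flow","src_ip":"10.0.0.5",'
    '"src_port":51235,"dest_ip":"203.0.113.9","dest_port":443,"proto":"TCP"}',
])


def parse_zeek_log(text):
    """Parse Zeek's ASCII log format into a list of dicts.

    Header lines start with '#': '#separator' carries an escaped byte (\\x09 = tab),
    '#fields' names the columns, and '#unset_field' (default '-') marks values
    that are absent; those become None so callers cannot mistake them for data.
    """
    sep, unset, fields, records = "\t", "-", None, []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].partition(sep)
            if key.startswith("separator"):
                sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
            elif key == "unset_field":
                unset = value
            elif key == "fields":
                fields = value.split(sep)
            continue
        if fields is None:
            continue  # data before a #fields header cannot be interpreted
        values = line.split(sep)
        records.append({f: (None if v == unset else v) for f, v in zip(fields, values)})
    return records


def parse_eve(text):
    """Suricata EVE output is one JSON object per line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def eve_epoch(ts):
    """EVE timestamps are ISO 8601 with microseconds and a numeric UTC offset."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z").timestamp()


def same_flow(alert, conn):
    """Match the alert's 5-tuple in either direction: Suricata rules fire on
    responder-to-originator traffic too, in which case src/dest are swapped."""
    a = (alert["src_ip"], str(alert["src_port"]), alert["dest_ip"], str(alert["dest_port"]))
    fwd = (conn["id.orig_h"], conn["id.orig_p"], conn["id.resp_h"], conn["id.resp_p"])
    rev = (fwd[2], fwd[3], fwd[0], fwd[1])
    return conn["proto"] == alert["proto"].lower() and a in (fwd, rev)


def correlate(events, conns, slack=1.0):
    """Return (alert, conn) pairs where the alert falls inside the connection's
    lifetime, widened by `slack` seconds because sensor clocks and Zeek's
    connection timeouts are not exact."""
    matches = []
    for alert in events:
        if alert.get("event_type") != "alert":
            continue
        t = eve_epoch(alert["timestamp"])
        for conn in conns:
            if not same_flow(alert, conn):
                continue
            start = float(conn["ts"])
            end = start + float(conn["duration"] or 0)  # duration is unset for one-packet flows
            if start - slack <= t <= end + slack:
                matches.append((alert, conn))
    return matches


def alert_context(conn_text=CONN_LOG, http_text=HTTP_LOG, eve_text=EVE_JSON, slack=1.0):
    """For each correlated alert, return the Zeek uid and the HTTP records it keys into."""
    conns = parse_zeek_log(conn_text)
    http = parse_zeek_log(http_text)
    return [
        {"signature": alert["alert"]["signature"], "uid": conn["uid"],
         "service": conn["service"], "http": [r for r in http if r["uid"] == conn["uid"]]}
        for alert, conn in correlate(parse_eve(eve_text), conns, slack)
    ]


if __name__ == "__main__":
    print(json.dumps(alert_context(), indent=2))
```

Running it yields one context: the first alert lands inside Caaaa1 and pivots to the GET /cgi-bin/id request, while the second alert shares a 5-tuple with Cbbbb2 but sits outside its lifetime and is dropped, which is the case to watch for when an alert arrives after Zeek has already closed the session. In a deployed Security Onion the same join is done in Elasticsearch across the indexed Suricata and Zeek documents, but the matching logic is the same.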