Security Onion

Peel back the layers of your network

Find out more

About Security Onion

Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It’s based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!

Get started!

Data Types

Alert data

HIDS alerts from OSSEC and NIDS alerts from Snort/Suricata

Asset Data

Asset Data from Bro

Full content data

Full packet capture from netsniff-ng

Host data

Host data via OSSEC and syslog-ng

Session data

Session data from Bro

Transaction data

http/ftp/dns/ssl/other logs from Bro

Screenshots

Our easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes

Analyze and visualize your NIDS/HIDS alerts with Squert

Pivot to CapME to analyze full packet capture transcripts (including automatic gzip decoding) and download pcaps

Use ELSA to slice and dice your logs and hunt for adversaries

Pivot between multiple data types with Sguil and send pcaps to Wireshark and NetworkMiner

Build your own custom dashboards using ELSA

Want to learn more about Security Onion?

Wiki Conference Training

Connect

blog.securityonion.net

@SecurityOnion

Mailing List

Copyright © Security Onion Solutions, LLC