Security Onion

**1 What is Security Onion?**

Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, Wazuh, Sguil, Squert, CyberChef, NetworkMiner, and many other security tools.

Reference: https://github.com/Security-Onion-Solutions/security-onion/wiki/Elastic-Architecture

**2 Technical Aspects of Security Onion**

As a Linux distribution based on Ubuntu, Security Onion bundles security tools such as Suricata, Snort, Bro, CapME, Squert, NetworkMiner, Wireshark, Logstash and Kibana, among others. All of these tools are integrated into the system, so setting them up is straightforward, and the configuration that ties them together makes it relatively easy to pivot between them.

The principal objective of these tools is intrusion detection and network monitoring, paying particular attention to the security events occurring within the network.

**3 How to Install/Configure/Troubleshoot an ISO**

The easiest way to install Security Onion is to install it from an ISO image in VirtualBox or VMware. Download the ISO image from: https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md
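As an added example (not code from the Security Onion project or from this page's author), the check that the Verify_ISO.md link above is about: compare the downloaded ISO's SHA256 with the published checksum file before importing the image into VirtualBox or VMware. It assumes `sha256sum` and `awk` are installed; the ISO filename and the sample data in `demo_verify_iso` are constructed placeholders, not real Security Onion artifacts.

```shell
#!/bin/sh
# verify_iso ISO_PATH CHECKSUM_FILE
# CHECKSUM_FILE holds lines in "sha256sum -c" format: "<hex>  <filename>"
# (a leading "*" on the filename, binary mode, is tolerated).
# Returns 0 when the ISO's digest matches the entry for its basename,
# 1 on a mismatch (do not install that image), 2 when a file or entry is missing.
verify_iso() {
    _iso="$1"; _sums="$2"
    [ -f "$_iso" ] && [ -f "$_sums" ] || return 2
    name=$(basename "$_iso")
    expected=$(awk -v n="$name" '{ sub(/^\*/, "", $2) } $2 == n { print tolower($1); exit }' "$_sums")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum "$_iso" | awk '{ print tolower($1) }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name matches the published SHA256"
        return 0
    fi
    echo "MISMATCH: $name (do not install)" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# demo_verify_iso: constructed scenario in a temp directory. A stand-in "ISO"
# and its checksum file are created, verified (expect 0), then the image is
# altered to simulate a corrupted or tampered download (expect 1).
# Prints "match=<rc> tampered=<rc>".
demo_verify_iso() {
    d=$(mktemp -d)
    iso="$d/securityonion-example.iso"      # placeholder name, not a real ISO
    printf 'constructed iso payload\n' > "$iso"
    (cd "$d" && sha256sum securityonion-example.iso > SHA256SUMS)
    if verify_iso "$iso" "$d/SHA256SUMS" >/dev/null 2>&1; then m=0; else m=$?; fi
    printf 'tampered byte\n' >> "$iso"      # alter the image after the hash was published
    if verify_iso "$iso" "$d/SHA256SUMS" >/dev/null 2>&1; then t=0; else t=$?; fi
    rm -rf "$d"
    echo "match=$m tampered=$t"
}

demo_verify_iso   # prints "match=0 tampered=1"
```

For a real download, run `verify_iso path/to/securityonion.iso path/to/published-checksums` with the checksum file taken from the project's verification page rather than from the same mirror as the ISO.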

More on configuration and troubleshooting: https://www.youtube.com/watch?v=jRoQUVY-2Ic

Written on January 28, 2020