What is Security Onion?
Security Onion is a network security monitoring system that provides full context and forensic visibility into the traffic it monitors. At its heart, it is designed to make deploying multiple complex open source tools simple via a single package, reducing what would normally take days to weeks of work to minutes. It features Bro IDS, your choice of Snort or Suricata, the Sguil analyst console, the ELSA, Squert, Snorby and CapME web interfaces, and the ability to pivot from one tool to the next seamlessly, which makes it the most effective collection of network security tools available in a single package.
What can it do for you?
What can't it do for you?
Security Onion is a network monitoring and detection system. It will not block an attack, nor is it designed to. It will, however, act as a video camera for your network, recording every connection it sees, not just the ones that it thinks are bad. In a world where detection rates are unpredictable, evidence like this can save you a lot of money.
CHANGES
No major changes since we announced RC1 and the ISO image, just a few small bug fixes:
INSTRUCTIONS
For full instructions on installing Security Onion 12.04, please see the installation page on the Wiki.
Screenshots: Security Onion 12.04 Installation Procedure
- Booting ISO image
- Completed Xubuntu installer, ready to reboot into new installation
- Rebooted into new installation, ready to run Setup
- Started Setup Wizard
- Setup detects that network interfaces have already been configured
- Choosing Quick Setup for this test VM
- Logging into Squert
- Sguil RealTime Console
- Logging into ELSA
- ELSA pivoting from Bro notice to full transcript
- Full transcript in CapME