Security Onion

Security Onion is a free and open platform built by defenders for defenders. It provides comprehensive network and host visibility, intrusion detection, log management, and case management capabilities. Security Onion is deployed within all major industry verticals, governments, and Fortune 500 enterprises worldwide. Key Components: • Network Visibility: Signature-based detection via Suricata, protocol metadata and file extraction using Zeek or Suricata, full packet capture using Stenographer or Suricata • Host Visibility: Elastic Agent providing data collection, live queries via osquery, and centralized management using Elastic Fleet • Intrusion Detection: Network Intrusion Detection System (NIDS) alerts and OpenCanary honeypots • Security Onion Console (SOC): Custom interfaces for alerts, dashboards, threat hunting, case management, and grid management Current Version: Security Onion 2.4.140 (released March 2025) • Security Onion 2.4.150 celebrating over 2 million downloads • New AI Summary feature for enhanced threat analysis • Zeek 7 support with additional protocol analysis (QUIC, HTTP2, OpenVPN, IPSEC) • Enhanced API capabilities for Security Onion Pro customers • Local IP lookup features for better environment mapping Recent Enhancements: • Base OS migration and improved container architecture • Integration with Elastic 8.17.3 • Enhanced detection capabilities with Sigma and YARA rules • Improved case management and investigation workflows • Real-time alerting and automated response capabilities Security Onion integrates best-of-breed open source tools including Suricata, Zeek, Elasticsearch, Logstash, Kibana, CyberChef, NetworkMiner, and many others. It enables organizations to monitor north/south and east/west traffic, detect lateral movement, and provide comprehensive endpoint telemetry for complete security visibility.