Getting Started

This section will give you an overview of different use cases for Security Onion and how you might install and configure Security Onion to handle those use cases.

• Use Cases
  • Pcap Forensics
  • Evaluation
  • Minimal Evaluation
  • Production Server - Standalone
  • Production Server - Distributed Deployment
  • Analyst VM
  • Sending Logs to Separate SIEM
• Architecture
  • High-Level Architecture Diagram
  • Core Components
  • Auxilliary Components
  • Detailed Data Flow Diagram
  • Deployment Types
  • Node Types
• Hardware Requirements
  • Architecture
  • UEFI
  • UEFI Secure Boot
  • UPS
  • Elastic Stack
  • Standalone Deployments
  • Master server with local log storage
  • Master server with storage nodes
  • Storage Node
  • Forward Node (Sensor)
  • Heavy Node (Sensor with ES components)
  • Sensor Hardware Considerations
• HWE
  • Security Onion ISO Image
  • Building from Ubuntu
  • More information
• Download
• VMWare
  • Overview
  • Creating VM
  • Sniffing
• VirtualBox
  • Creating VM
  • VirtualBox Guest Additions
  • Snapshots
• Booting Issues
• ISO Release Notes
• so-import-pcap
  • Minimum Requirements
  • Installation
  • Usage
  • Example
  • Warning
• Quick Evaluation using Security Onion ISO image
• Quick Evaluation on Ubuntu
• Production Deployment
  • Hardware Requirements
  • Download and Verify
  • Distributed Deployments
  • Install
  • Update
  • Setup
• After Installation
  • Resolution
  • Services
  • Other
  • Optional
  • Learn More
• Secure Boot