Full-time analysts may want to create a dedicated Analyst VM. This allows you to investigate pcaps and other potentially malicious artifacts without fear of impacting your Security Onion deployment or your workstation.
so-analyst currently downloads packages from the Internet, so you will need to ensure that networking is configured before running
If you installed using our Security Onion 2.2 (or higher) ISO image:
Otherwise, if you installed standard CentOS 7 and then cloned our GitHub repo, you can run so-analyst from your git clone directory like this: