Security Onion Documentation¶

Table of Contents¶

About
- Security Onion
- Security Onion Solutions, LLC
- Documentation
Introduction
- Network Security Monitoring
- Enterprise Security Monitoring
- Analysis Tools
- Workflow
- Deployment Scenarios
- Conclusion
License
First Time Users
Getting Started
- Best Practices
- Architecture
- Hardware Requirements
- Partitioning
- Download
- VMware
- VirtualBox
- Proxmox
- Booting Issues
- Airgap
- Installation
- AWS Cloud AMI
- Azure Cloud Image
- Configuration
- After Installation
Security Onion Console (SOC)
- Alerts
- Dashboards
- Hunt
- Cases
- PCAP
- Grid
- Downloads
- Administration
- Kibana
- Grafana
- CyberChef
- Playbook
- FleetDM
- ATT&CK Navigator
Analyst VM
- Installation
- Joining to Grid
- Disabling
Network Visibility
- AF-PACKET
- Stenographer
- Suricata
- Zeek
- Strelka
- Intrusion Detection Honeypot
Host Visibility
- osquery
- Beats
- Wazuh
- Syslog
- Sysmon
- Autoruns
Logs
- Ingest
- Filebeat
- Logstash
- Redis
- Elasticsearch
- ElastAlert
- Curator
- Data Fields
- Alert Data Fields
- Elastalert Fields
- Zeek Fields
- Community ID
- Re-Indexing
- SOC Logs
- Other Supported Logs
Updating
- soup
- End Of Life
Accounts
- Passwords
- MFA
- Adding Accounts
- Listing Accounts
- Disabling Accounts
- Role-Based Access Control (RBAC)
Services
Customizing for Your Environment
- SOC Customization
- Proxy Configuration
- Firewall
- Email Configuration
- NTP
- SSH
- Changing Hostname
- Changing IP Addresses
- Changing Web Access URL
Tuning
- Salt
- Homenet
- BPF
- Managing Rules
- Adding Local Rules
- Managing Alerts
- High Performance Tuning
Tricks and Tips
- Backups
- Docker
- DNS Anomaly Detection
- Endgame
- ICMP Anomaly Detection
- Jupyter Notebook
- Machine Learning
- Adding a new disk
- PCAPs for Testing
- Removing a Node
- Syslog Output
- UTC and Time Zones
Utilities
- jq
- so-allow
- so-elastic-auth
- so-elasticsearch-query
- so-import-pcap
- so-import-evtx
- so-monitor-add
- so-status
- so-test
- so-zeek-logs
Help
- FAQ
- Directory Structure
- Tools
- Support
- Community Support
- Help Wanted
Security
- Vulnerability Disclosure
- Product and Supply Chain Integrity
Appendix
- Appendix A: Security Onion 16.04
- Appendix B: Ubuntu 18.04
Release Notes
- 2.3.220 Hotfix [20230301] Changes
- 2.3.220 [20230224] Changes
- 2.3.210 [20230202] Changes
- 2.3.200 [20230113] Changes
- 2.3.190 Hotfix [20221207] Changes
- 2.3.190 [20221205] Changes
- 2.3.182 [20221109] Changes
- 2.3.181 [20221021] Changes
- 2.3.180 [20221014] Changes
- 2.3.170 [20220922] Changes
- 2.3.160 [20220829] Changes
- 2.3.150 [20220820] Changes
- 2.3.140 Hotfix [20220812] Changes
- 2.3.140 Hotfix [20220719] Changes
- 2.3.140 Changes
- 2.3.130 Changes
- 2.3.120 Changes
- 2.3.110 Hotfix [20220407] Changes
- 2.3.110 Hotfix [20220407] Known Issues
- 2.3.110 Hotfix [20220405] Changes
- 2.3.110 Hotfix [20220401] Changes
- 2.3.110 Changes
- 2.3.100 Hotfix [20220301] Changes
- 2.3.100 Hotfix [20220203] Changes
- 2.3.100 Hotfix [20220202] Changes
- 2.3.100 Changes
- 2.3.91 Changes
- 2.3.90 Hotfix [20211213]
- 2.3.90 Hotfix [20211210]
- 2.3.90 Hotfix [20211206]
- 2.3.90 Hotfix [AIRGAPFIX]
- 2.3.90 Hotfix [WAZUH]
- 2.3.90 Changes
- 2.3.80 Changes
- 2.3.70 Hotfix [WAZUH]
- 2.3.70 Hotfix [GRAFANA_DASH_ALLOW]
- 2.3.70 Hotfix [CURATOR]
- 2.3.70 Changes
- 2.3.61 Hotfix [STENO, MSEARCH]
- 2.3.61 Changes
- 2.3.60 Hotfix [ECSFIX, HEAVYNODE, FBPIPELINE, CURATORAUTH] Changes
- 2.3.60 Changes
- 2.3.52 Changes
- 2.3.51 Changes
- 2.3.50 Changes
- 2.3.50 Known Issues
- 2.3.40 Changes
- 2.3.40 Known Issues
- 2.3.30 Changes
- 2.3.30 Known Issues
- 2.3.21 Changes
- 2.3.10 Changes
- 2.3.10 Known Issues
- 2.3.2 Changes
- 2.3.1 Changes
- 2.3.1 Known Issues
- 2.3.0 Changes
- 2.2.0 Changes
- 2.1.0 Changes
- 2.0.3 Changes
- 2.0.2 Changes
- 2.0.1 Changes
- 2.0.0 Changes
Cheat Sheet

Read the Docs v: 2.3

Versions: latest; 2.4; 2.3

Downloads: pdf; html; epub

On Read the Docs: Project Home; Builds

Free document hosting provided by Read the Docs.