Security Onion Documentation

Table of Contents

• About
  • Security Onion
  • Security Onion Solutions, LLC
  • Documentation
• Introduction
  • Overview
  • Analysis Tools
  • Deployment Scenarios
  • Conclusion
• Getting Started
  • License
  • Architecture
  • Hardware Requirements
  • Partitioning
  • Release Notes
  • Download
  • VMware
  • VirtualBox
  • Booting Issues
  • Installation
  • AWS Cloud AMI
  • Configuration
  • After Installation
• Security Onion Console (SOC)
  • Alerts
  • Hunt
  • PCAP
  • Grid
  • Downloads
  • Administration
  • Kibana
  • Grafana
  • CyberChef
  • Playbook
  • Fleet
  • TheHive
  • ATT&CK Navigator
• Analyst VM
  • NetworkMiner
  • Wireshark
• Network Visibility
  • AF-PACKET
  • Stenographer
  • Suricata
  • Zeek
  • Strelka
• Host Visibility
  • osquery
  • Beats
  • Wazuh
  • Syslog
  • Sysmon
  • Autoruns
• Logs
  • Ingest
  • Filebeat
  • Logstash
  • Redis
  • Elasticsearch
  • ElastAlert
  • Curator
  • Data Fields
  • Alert Data Fields
  • Elastalert Fields
  • Zeek Fields
  • Community ID
  • Re-Indexing
• Updating
  • soup
  • Airgap
  • End Of Life
• Accounts
  • Passwords
  • Adding Accounts
  • Listing Accounts
  • Disabling Accounts
• Services
• Customizing for Your Environment
  • Cortex
  • Proxy Configuration
  • Firewall
  • Email Configuration
  • NTP
  • SSH
  • Changing IP Addresses
• Tuning
  • Salt
  • Homenet
  • BPF
  • Managing Rules
  • Adding Local Rules
  • Managing Alerts
  • High Performance Tuning
• Tricks and Tips
  • Backups
  • Docker
  • DNS Anomaly Detection
  • ICMP Anomaly Detection
  • Adding a new disk
  • PCAPs for Testing
  • Removing a Node
  • Syslog Output
  • UTC and Time Zones
• Utilities
  • jq
  • so-allow
  • so-import-pcap
  • so-monitor-add
  • so-test
  • so-zeek-logs
• Help
  • FAQ
  • Directory Structure
  • Tools
  • Support
  • Community Support
  • Help Wanted
• Security
• Appendix
• Cheat Sheet