Host Visibility

When you logged into Security Onion Console (SOC), you may have seen some host logs from Wazuh. Security Onion can consume many other kinds of host logs as well. You can send logs to Security Onion via your choice of osquery, Beats, Wazuh, or Syslog.

For Windows endpoints, you can optionally augment the standard Windows logging with Sysmon and/or Autoruns. Those additional logs can then be transported by whatever mechanism you chose above.