Security Onion Console (SOC)

Once you’ve run so-allow and allowed your IP address, you can then connect to Security Onion Console (SOC) with your web browser. We recommend Chromium or Chromium-based browsers such as Google Chrome. Other browsers may work, but fully updated Chromium-based browsers provide the best compatibility.

Depending on the options you chose in the installer, connect to the IP address or hostname of your Security Onion installation. Then log in using the email address and password that you specified in the installer.

Once logged in, you’ll notice the user menu in the upper right corner. This allows you to manage your user settings and access documentation and other resources.

On the left side of the page, you’ll see links for analyst tools like Alerts, Hunt, Cases, PCAP, Kibana, CyberChef, Playbook, and ATT&CK Navigator. While Alerts, Hunt, Cases, and PCAP are native to SOC itself, the remaining tools are external and will spawn separate browser tabs.

If you’d like to customize SOC, please see the SOC Customization section. If you’d like to learn more about SOC logs, please see the SOC Logs section.