Security Onion Console (SOC)

Once you’ve run so-allow and allowed your IP address, you can connect to Security Onion Console (SOC) with your web browser. We recommend Chromium or Chromium-based browsers such as Google Chrome. Other browsers may work, but fully updated Chromium-based browsers provide the best compatibility.
Depending on the options you chose in the installer, connect to the IP address or hostname of your Security Onion installation. Then log in using the email address and password that you specified in the installer.

Once logged in, you’ll notice the user menu in the upper right corner. This allows you to manage your user settings and access documentation and other resources.

On the left side of the page, you’ll see links for analyst tools like Alerts, Dashboards, Hunt, Cases, PCAP, Kibana, CyberChef, Playbook, and ATT&CK Navigator. While Alerts, Dashboards, Hunt, Cases, and PCAP are built into SOC itself, the remaining tools are external and will spawn separate browser tabs.
If you’d like to customize SOC, please see the SOC Customization section. If you’d like to learn more about SOC logs, please see the SOC Logs section.
- Alerts
- Dashboards
- Hunt
- Cases
- PCAP
- Grid
- Downloads
- Administration
- Kibana
- Grafana
- CyberChef
- Playbook
- Overview
- Getting Started
- Creating a new Play
- Editing a Play
- Putting a Play into Production
- Viewing Playbook Alerts
- Tuning Plays
- User Accounts
- Disable Anonymous Access and Create User Accounts
- Misc Notes
- Log Sources and Field Names
- .Security subfield
- Adding Additional Rulesets
- Diagnostic Logging
- More Information
- FleetDM
- ATT&CK Navigator