Security Onion Desktop¶
Security Onion Desktop is still considered experimental!
Full-time analysts may want to use a dedicated Security Onion desktop. This allows you to investigate pcaps, malware, and other potentially malicious artifacts without impacting your Security Onion deployment or your usual desktop environment.
Security Onion Desktop currently only supports Oracle Linux 9, so you’ll either need to use our Security Onion ISO image (recommended) or a manual installation of Oracle Linux 9.
There are a few different ways to install Security Onion Desktop:
- Our Security Onion ISO image includes a boot menu option for Desktop installs that will partition your disk appropriately and immediately perform a Desktop installation. The minimum disk size is 50GB.
- If you’re doing a network installation on Oracle Linux 9 (NOT using our Security Onion ISO image), then in our normal Setup wizard, you can choose
OTHERand then choose
so-desktop-installcommand is totally independent of the standard setup process, so you can run it before or after setup or not run setup at all if all you really want is the Analyst desktop itself.
Depending on how you install, it may take a full Salt cycle before all desktop components are installed and ready for use.
Joining to Grid
You can optionally join your Desktop installation to your grid. This allows it to pull updates from the grid and automatically trust the grid’s HTTPS certificate. It also updates the manager’s firewall to allow the Desktop installation to connect. Starting with Security Onion 2.4.20, Desktop nodes will now display on the Grid page along with the other grid nodes.
If you choose not to join your Desktop installation to your grid, then you may need to allow the traffic through the host-based Firewall by going to Administration –> Configuration –> firewall –> hostgroups –> analyst.
workstation: gui: enabled: false