2.4
Security Onion Documentation
Table of Contents
About
Security Onion
Security Onion Solutions, LLC
Documentation
Introduction
Network Visibility
Host Visibility
Analysis Tools
Workflow
Deployment Scenarios
Conclusion
License
First Time Users
Getting Started
Best Practices
Architecture
Hardware Requirements
Download
VMware
VirtualBox
Proxmox
Booting Issues
Airgap
Installation
Amazon Cloud Image
Azure Cloud Image
Google Cloud Image
Configuration
After Installation
Security Onion Console (SOC)
Alerts
Dashboards
Hunt
Cases
PCAP
Grid
Downloads
Administration
Kibana
Elastic Fleet
Osquery Manager
InfluxDB
CyberChef
Playbook
ATT&CK Navigator
Security Onion Desktop
Chromium
NetworkMiner
Wireshark
Network Visibility
AF-PACKET
Stenographer
Suricata
Zeek
Strelka
Intrusion Detection Honeypot
Host Visibility
Elastic Agent
Syslog
Sysmon
Logs
Ingest
Logstash
Redis
Elasticsearch
ElastAlert
Curator
Data Fields
Alert Data Fields
Elastalert Fields
Zeek Fields
Community ID
SOC Logs
Updating
soup
End Of Life
Accounts
Passwords
MFA
Adding Accounts
Listing Accounts
Disabling Accounts
Role-Based Access Control (RBAC)
Kratos
OpenID Connect (OIDC)
Services
Customizing for Your Environment
SOC Customization
nginx
Proxy
Firewall
Email
NTP
Console
SSH
Hostname
IP Address
Web Access URL
Tuning
BPF
Managing Rules
Adding Local Rules
Managing Alerts
High Performance Tuning
Salt
Tricks and Tips
Backup
Docker
Jupyter Notebook
Adding a new disk
Network Installation
PCAPs for Testing
Removing a Node
Syslog Output
UTC and Time Zones
pfSense
Endgame
Utilities
jq
so-allow
so-elastic-auth-password-reset
so-elasticsearch-query
so-import-pcap
so-import-evtx
so-monitor-add
so-status
so-test
so-user
Help
FAQ
Directory Structure
Tools
Support
Community Support
Help Wanted
Security
Vulnerability Disclosure
Product and Supply Chain Integrity
Release Notes
Known Issues
Appendix
Cheat Sheet