Security Onion Console (SOC)


Once all configuration is complete, you can then connect to Security Onion Console (SOC) with your web browser. We recommend chromium-based browsers such as Google Chrome. Other browsers may work, but fully updated chromium-based browsers provide the best compatibility.

Depending on the options you chose in the installer, connect to the IP address or hostname of your Security Onion installation. Then login using the email address and password that you specified in the installer.


Once logged in, you’ll notice the user menu in the upper right corner. This allows you to manage your user settings and access documentation and other resources.


On the left side of the page, you’ll see links for analyst tools like Alerts, Dashboards, Hunt, Cases, PCAP, Kibana, CyberChef, Playbook, and ATT&CK Navigator. While Alerts, Dashboards, Hunt, Cases, and PCAP are built into SOC itself, the remaining tools are external and will spawn separate browser tabs.

If you’d like to customize SOC, please see the SOC Customization section. If you’d like to learn more about SOC logs, please see the SOC Logs section.