Security Onion Console (SOC)

Once all configuration is complete, you can then connect to Security Onion Console (SOC) with your web browser. We recommend chromium-based browsers such as Google Chrome. Other browsers may work, but fully updated chromium-based browsers provide the best compatibility.

Depending on the options you chose in the installer, connect to the IP address or hostname of your Security Onion installation. Then login using the email address and password that you specified in the installer.

Once logged in, you’ll notice the user menu in the upper right corner. This allows you to manage your user settings and access documentation and other resources.

On the left side of the page, you’ll see links for analyst tools like Alerts, Dashboards, Hunt, Cases, PCAP, Kibana, CyberChef, Playbook, and ATT&CK Navigator. While Alerts, Dashboards, Hunt, Cases, and PCAP are built into SOC itself, the remaining tools are external and will spawn separate browser tabs.

If you’d like to customize SOC, please see the SOC Customization section. If you’d like to learn more about SOC logs, please see the SOC Logs section.

• Alerts
  • Options
  • Query Bar
  • Time Picker
  • Data Table
  • Context Menu
• Dashboards
  • Options
  • Query Bar
  • Time Picker
  • Basic Metrics
  • Group Metrics
  • Events
  • Statistics
  • Context Menu
  • OQL
• Hunt
• Cases
  • Installation
  • Creating a New Case
  • Comments
  • Attachments
  • Observables
  • Events
  • History
  • Overview Page
  • Options
  • Query Bar
  • Time Picker
  • Data Table
  • Data
  • Analyzers
• PCAP
  • Troubleshooting
• Grid
  • Node Status
  • Container Status
  • Appliance Images
  • Other Grid Pages
• Downloads
• Administration
  • Users
  • Grid Members
  • Configuration
  • License Key
• Kibana
  • Authentication
  • Kibana Dashboards
  • Search Results
  • Timestamps
  • Configuration
  • Diagnostic Logging
  • Features
  • More Information
• Elastic Fleet
  • Configuration
  • Agents
  • Adding Agents
  • Agent Policies
  • Agent Policies - endpoints-initial
  • Integrations
  • Adding an Integration
  • Adding a Custom Integration
  • Enrollment Tokens
  • Data Streams
  • Settings
  • Custom FQDN URL
  • More Information
• Osquery Manager
  • More Information
• InfluxDB
  • Authentication
  • Configuration
  • More Information
• CyberChef
  • Screenshot
  • Accessing
  • File Extraction
  • More Information
• Playbook
  • Getting Started
  • Creating a new Play
  • Editing a Play
  • Putting a Play into Production
  • Viewing Playbook Alerts
  • Tuning Plays
  • User Accounts
  • Disable Anonymous Access and Create User Accounts
  • Misc Notes
  • Log Sources and Field Names
  • Adding Additional Rulesets
  • Diagnostic Logging
  • More Information
• ATT&CK Navigator
  • Accessing
  • Default Layer - Playbook
  • Configuration
  • More Information