Getting Started Overview¶

If you're ready to get started with Security Onion, you may have questions like:

What are the recommended best practices?

How many machines do I need?

Depending on what you're trying to do, you may need anywhere from one machine to thousands of machines. The Use Cases and Architecture sections will help you decide.

What kind of hardware does each of those machines need?

This could be anything from a small virtual machine to a large rack mount server with lots of CPU cores, lots of RAM, and lots of storage. The Hardware section provides further details.

If I just want to try Security Onion in a virtual machine, how do I create a virtual machine?

See the VMware, VirtualBox, and Proxmox sections.

How do I deploy Security Onion in the cloud?

See the Amazon Cloud, Azure Cloud, and Google Cloud sections.

What if I have trouble booting the ISO image?

Check out the Trouble Booting section.

What if I'm on an airgap network?

Review the Airgap section.

Once I've booted the ISO image, how do I install it?

See the Installation section.

After installation, how do I configure Security Onion?

The Configuration section covers many different use cases.

Is there anything I need to do after configuration?

See the Post Installation section.