Software Bill of Materials
The following table lists the major software projects integrated into the current version of Security Onion.
| Product | Version | Author | Project URL | License | Description |
|---|---|---|---|---|---|
| Alpine Linux | 3.23.3 | Alpine Linux Development Team | https://alpinelinux.org/ | GNU GPL Version 3 | Alpine Linux is a security-oriented, lightweight Linux distribution based on musl libc and busybox. |
| ATT&CK Navigator | 5.3.0 | MITRE | https://github.com/mitre-attack/attack-navigator | Apache License 2 | The ATT&CK Navigator is designed to provide basic navigation and annotation of ATT&CK matrices, something that people are already doing today in tools like Excel. |
| CyberChef | 10.22.1 | GCHQ | https://github.com/gchq/CyberChef | Apache License 2 | The "Cyber Swiss Army Knife" - a web app for encryption, encoding, compression and data analysis. |
| Docker | 29.2.1 | Docker | https://github.com/docker | Apache License 2 | Docker is a set of platform as a service products that use OS-level virtualization to deliver software in packages called containers. |
| ElastAlert | 2.28.0 | Jason Ertel | https://github.com/jertel/elastalert2 | Apache License 2 | ElastAlert is a simple framework for alerting on anomalies, spikes, or other patterns of interest from data in Elasticsearch. |
| Elastic Agent | 9.0.8 | Elastic | https://github.com/elastic/elastic-agent | Elastic License Version 2 | Beats is a free and open platform for single-purpose data shippers. They send data from hundreds or thousands of machines and systems to Logstash or Elasticsearch. |
| Elasticsearch | 9.0.8 | Elastic | https://github.com/elastic/elasticsearch | Elastic License Version 2 | Elasticsearch is a distributed, open source search and analytics engine for all types of data, including textual, numerical, geospatial, structured, and unstructured. |
| evtx | 0.11.0 | Omer Benamram | https://github.com/omerbenamram/evtx | MIT License | A cross-platform parser for the Windows XML EventLog format. |
| evtx2es | 1.8.0 | Shinta Nakano | https://github.com/Security-Onion-Solutions/evtx2es | MIT License | A fast library for parsing and importing Windows Event Logs into Elasticsearch. |
| ExifTool | 12.60 | Phil Harvey | https://github.com/exiftool/exiftool | GNU GPL Version 3 | ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files. |
| Hydra | 25.4.0 | Ory | https://github.com/ory/hydra | Apache License 2 | Ory Hydra is a hardened, OpenID Certified OAuth 2.0 Server and OpenID Connect Provider optimized for low-latency, high throughput, and low resource consumption. |
| InfluxDB | 2.7.12 | InfluxData | https://github.com/influxdata/influxdb/tree/main-2.x | MIT License | InfluxDB is an open source time series platform. This includes APIs for storing and querying data, processing it in the background for ETL or monitoring and alerting purposes, user dashboards, and visualizing and exploring the data and more. |
| Kibana | 9.0.8 | Elastic | https://github.com/elastic/kibana | Elastic License Version 2 | Kibana is an open source frontend application that sits on top of the Elastic Stack, providing search and data visualization capabilities for data indexed in Elasticsearch. |
| Kratos | 25.4.0 | Ory | https://github.com/ory/kratos | Apache License 2 | Ory Kratos is the developer-friendly, security-hardened and battle-tested Identity, User Management and Authentication system for the Cloud. |
| Logstash | 9.0.8 | Elastic | https://github.com/elastic/logstash | Elastic License Version 2 | Logstash is a server-side data processing pipeline that ingests data from a multitude of sources simultaneously, transforms it, and then sends it to your favorite "stash." |
| NetworkMiner | 2.8.1 | Netresec | https://www.netresec.com/?page=NetworkMiner | GNU GPL Version 2 | NetworkMiner is an open source Network Forensic Analysis Tool (NFAT) and can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files. Only included in Security Onion Desktop. |
| Nginx | 1.29.6 | NGINX | https://github.com/nginxinc/docker-nginx | 2-Clause BSD License | Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache. |
| OpenCanary | 0.9.7 | Thinkst Canary | https://github.com/thinkst/opencanary | 3-Clause BSD License | OpenCanary is a multi-protocol network honeypot. Its primary use case is to catch attackers after they've breached non-public networks. |
| Oracle Linux 9 | 9.7 | Oracle Linux | https://www.oracle.com/linux/ | GNU GPL Version 2 | Oracle Linux is a Linux distribution packaged and freely distributed by Oracle, available partially under the GNU General Public License since late 2006. It is compiled from Red Hat Enterprise Linux source code, replacing Red Hat branding with Oracle's. |
| pcapfix | 1.1.7 | Robert Krause | https://github.com/Rup0rt/pcapfix/ | GNU GPL Version 3 | Pcapfix is a tool to repair your damaged or corrupted pcap and pcapng files. |
| Python | 3.14.3 | Python Software Foundation | https://github.com/python/ | Python Software Foundation License Version 2 | Python is a programming language that lets you work quickly and integrate systems more effectively. |
| Redis | 7.2.13 | Redis | https://github.com/redis/redis | 3-Clause BSD License | Redis is an open source in-memory data structure store used as a database, cache and message broker. |
| Salt | 3006.19 | Salt Project | https://github.com/saltstack/salt | Apache License 2 | Salt is a distributed remote execution system used to execute commands and query data. It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. Salt accomplishes this via its ability to handle larger loads of information, and not just dozens, but hundreds or even thousands of individual servers, handle them quickly and through a simple and manageable interface. |
| Security Onion Console | 3.0.0 | Security Onion Solutions | https://github.com/Security-Onion-Solutions/securityonion-soc | Elastic License Version 2 | Security Onion Console is a web interface to viewing alerts, hunting, and PCAP analysis. |
| Strelka | 1.0.1 | Target | https://github.com/target/strelka | Apache License 2 | Strelka is a real-time file scanning system used for threat hunting, threat detection, and incident response. Strelka’s purpose is to perform file extraction and metadata collection at huge scale. |
| Suricata | 8.0.4 | OISF | https://github.com/OISF/suricata | GNU GPL Version 2 | Suricata is a free and open source, mature, fast and robust network threat detection engine. Suricata inspects the network traffic using a powerful and extensive rules and signature language. |
| Telegraf | 1.38.0 | InfluxData | https://github.com/influxdata/telegraf | MIT License | Telegraf is a server-based agent for collecting and sending all metrics and events from databases, systems, and IoT sensors. Telegraf is written in Go and compiles into a single binary with no external dependencies, and requires a very minimal memory footprint. |
| Ubuntu | 22.04, 26.04 | Canonical | https://github.com/canonical | Canonical's IPRights Policy | The number 1 open source operating system powers millions of PCs and laptops around the world. |
| Yara | 4.3.1 | VirusTotal | https://github.com/virustotal/yara | 3-Clause BSD License | YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. |
| Wireshark | 3.4.10 | Wireshark | https://github.com/wireshark/wireshark | GNU GPL Version 2 | Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Only included in Security Onion Desktop. |
| Zeek | 8.0.6 | Zeek | https://github.com/zeek/zeek/ | 3-Clause BSD License | A powerful framework for network traffic analysis and security monitoring. |