Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!
Below are several diagrams to represent the current architecture and deployment scenarios for Security Onion on the Elastic Stack.
High-Level Architecture Diagram
Curator – Manage indices through scheduled maintenance.
ElastAlert – Query Elasticsearch and alert on user-defined anomalous behavior or other interesting bits of information.
FreqServer -Detect DGAs and find random file names, script names, process names, service names, workstation names, TLS certificate subjects and issuer subjects, etc.
DomainStats – Get additional info about a domain by providing additional context, such as creation time, age, reputation, etc.
Changelog v16.04.6.1 20190514
- Elastic 6.7.2
- CyberChef 8.31.3
- Suricata 4.1.4
- Wazuh 3.8.2
- now includes a static copy of our new Documentation
- now includes our Cheat Sheet PDF
- so-import-pcap handles many more use cases and can now run Setup for you if necessary
- new PCAP samples in /opt/samples/mta/
- Setup now configures Bro and Suricata for AF_PACKET by default
- fixed lots of bugs!