You’re looking for Security Onion, https://securityonionsolutions.com/. It’s a bunch of integrated tools that will sniff traffic and show alerts. Self-hosted, open source, and free. Source: 5 months ago
Grab Security Onion for some blue team tools, try to get Zeek, Wazuh, and Suricata working and look at the output. Source: 10 months ago
If you want a GUI tool, try Security Onion (https://securityonionsolutions.com/). It is essentially Zeek & more wrapped up in an easy-to-use GUI. Source: 10 months ago
Used Security Onion many years ago. https://securityonionsolutions.com/. Source: over 1 year ago
Active Measures - Includes (IDS/IPS) such as open-source Suricata or Snort on pfSense, and File Integrity Monitoring (FIM), such as the commercial Tripwire and dated, open-source Tripwire, or the open-source Wazuh installed on servers. These can be combined into a Security Information and Event Management (SIEM) system like the open-source solution, Security Onion. Wazuh itself has evolved into a SIEM. Source: over 1 year ago
Active measures may include an intrusion detection system / intrusion prevention systems (IDS/IPS) such as open-source Suricata on the firewall, and installing file system integrity monitoring, such as the open-source Wazuh on the exposed server. These are combined in one open-source solution, Security Onion. Source: over 1 year ago
SecurityOnion https://securityonionsolutions.com/ -- While it can be left just to capture packets, why stop there? Automatically scan for some useful information during the capture process. You can also use BPF rules to ignore specific traffic as needed to reduce resources needed. Source: over 1 year ago
Mirror pfSense traffic to Security Onion and create your own SOC. Source: over 1 year ago
Security Onion might be worth your time too for IR. Source: almost 2 years ago
Security Onion https://securityonionsolutions.com. Source: almost 2 years ago
What about Security Onion? It's a distro designed for a full SIEM suite (not just Wazuh), similar to how Kali is for pentesting. Source: about 2 years ago
The closest thing I can think of would be Security Onion. Source: about 2 years ago
Look into Security Onion and Malware Traffic Analysis. Free PCAPs with the bonus of malware to analyze and a way to really understand what's happening on your network. Also, CyberDefenders has at least one PCAP CTF. Source: over 2 years ago
As long as you have some reasonably powerful hardware lying around and can create a mirror port with a switch, the most powerful tool you'll ever come across is Security Onion, which is a full hunting and detection suite available as full open source and free on https://securityonionsolutions.com/. Source: over 2 years ago
For that size I'd look at Security Onion. That's about as good as you'll get for free, but it's a nice package. Note that SecurityOnion really relies on NIDS/HIDS to work to full potential. Source: over 2 years ago
https://www.sophos.com/en-us/products/free-tools/sophos-xg-firewall-home-edition.aspx https://cybersecurity.att.com/products/ossim https://securityonionsolutions.com/ https://www.ibm.com/community/qradar/ce/. Source: over 2 years ago
You could also have a look at OSSIM or Security Onion if you are interested in more all-in-one solutions. Source: over 2 years ago
SecurityOnion (https://securityonionsolutions.com/) provides a bunch of network monitoring tools which can be used to track suspicious/malicious behaviour across a network. Plug in some host-based monitoring (e.g., via Winlogbeat https://www.elastic.co/beats/winlogbeat and Sysmon https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon) and you have yourself a 'mini SOC'. Source: over 2 years ago
For a SIEM you could look at using Security Onion, which includes a collection of OSS tools; it'll cover most of that stuff minus the firewall and MFA stuff. It's OSS but has paid support if that's a requirement: https://securityonionsolutions.com/. It'll also handle some of the EDR-type things if you're OK doing it more manually config-wise, but we use SentinelOne at work and it does a pretty decent job. Source: almost 3 years ago