SecurityOnion

Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management.

SecurityOnion Reviews and details

Social recommendations and mentions

We have tracked the following product recommendations or mentions on various public social media platforms and blogs. They can help you see what people think about SecurityOnion and what they use it for.
  • Self Hosted Traffic Monitoring
    You’re looking for Security Onion, https://securityonionsolutions.com/. It’s a bunch of integrated tools that will sniff traffic and show alerts. Self hosted, open source, and free. Source: 5 months ago
  • Did I get a cyber role too early?
    Grab Security Onion for some blue team tools, try to get Zeek, Wazuh, and Suricata working and look at the output. Source: 10 months ago
  • Do you have any recommendations for a way to log every website that comes across my network with the mac address that requested it?
    If you want a GUI tool try Security Onion. (https://securityonionsolutions.com/). It is essentially zeek & more wrapped up in an easy to use GUI. Source: 10 months ago
  • Home Virtual SIEM Lab Suggestions?
    Used security onion many years ago. https://securityonionsolutions.com/. Source: over 1 year ago
  • Server Hardening
    Active Measures - Includes (IDS/IPS) such as open-source Suricata or Snort on pfSense, and File Integrity Monitoring (FIM), such as the commercial Tripwire and dated, open-source Tripwire, or the open-source Wazuh installed on servers. These can be combined into a Security Information and Event Management (SIEM) system like the open-source solution, Security Onion. Wazuh itself has evolved into a SIEM. Source: over 1 year ago
  • Help with server build
    Active measures may include an intrusion detection system / intrusion prevention systems (IDS/IPS) such as open-source Suricata on the firewall, and installing file system integrity monitoring, such as the open-source Wazuh on the exposed server. These are combined in one open-source solution, Security Onion. Source: over 1 year ago
  • What do you use for logging network packets?
    SecurityOnion https://securityonionsolutions.com/ -- While it can be left just to capture packets, why stop there? Automatically scan for some useful information during the capture process. You can also use BPF rules to ignore specific traffic as needed to reduce resources needed. Source: over 1 year ago
  • Homelab for Cybersecurity
    Mirror pfSense traffic to Security Onion and create your own SOC. Source: over 1 year ago
  • Can someone help me understand this?
    Active measures may include an intrusion detection system / intrusion prevention systems (IDS/IPS) such as open-source Suricata on the firewall, and installing file system integrity monitoring, such as the open-source Wazuh on the exposed server. These are combined in one open-source solution, Security Onion. Source: over 1 year ago
  • Other OS's than Kali
    Security Onion might be worth your time too for IR. Source: almost 2 years ago
  • Advice for "practicing" security tools at home?
    Security Onion https://securityonionsolutions.com. Source: almost 2 years ago
  • SIEM LAB: Testing Wazuh with Atomic Red Team
    What about security onion? It's a distro designed for a full SIEM suite (not just wazuh), similar to how kali is for pentesting. Source: about 2 years ago
  • Is there a Linux distro that is the complete opposite of kali focusing more on defensive security?
    The closest thing I can think of would be Security Onion. Source: about 2 years ago
  • Home server setup
    Active measures may include an intrusion detection system / intrusion prevention systems (IDS/IPS) such as open-source Suricata on the firewall, and installing file system integrity monitoring, such as the open-source Wazuh on the exposed server. These are combined in one open-source solution, Security Onion. Source: over 2 years ago
  • How can I get up to speed on the network forensics side without dropping 8 grand on a SANS course?
    Look into Security Onion and malware traffic analysis. Free PCAPs with the bonus of malware to analyze and a way to really understand what's happening on your network. Also, CyberDefenders has at least one PCAP CTF. Source: over 2 years ago
  • Looking for open source network security monitoring for home use (student)
    As long as you have some reasonably powerful hardware lying around and can create a mirror port with a switch, the most powerful tool you'll ever come across is Security Onion, which is a full hunting and detection suite available as full open source and free on https://securityonionsolutions.com/. Source: over 2 years ago
  • SIEM Suggestions
    For that size I'd look at Security Onion. That's about as good as you'll get for free, but it's a nice package. Note that SecurityOnion really relies on NIDS/HIDS to work to full potential. Source: over 2 years ago
  • Security solutions in home lab recommendations?
    https://www.sophos.com/en-us/products/free-tools/sophos-xg-firewall-home-edition.aspx https://cybersecurity.att.com/products/ossim https://securityonionsolutions.com/ https://www.ibm.com/community/qradar/ce/. Source: over 2 years ago
  • Intrusion detection software?
    You could also have a look at OSSIM or Security Onion if you are interested in more all-in-one solutions. Source: over 2 years ago
  • Homebuilt Antivirus
    SecurityOnion (https://securityonionsolutions.com/) provides a bunch of network monitoring tools which can be used to track suspicious/malicious behaviour across a network. Plug in some host-based monitoring (e.g., via Winlogbeat https://www.elastic.co/beats/winlogbeat and Sysmon https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon) and you have yourself a 'mini SOC'. Source: over 2 years ago
  • Planned Security Stack Advice
    For a SIEM you could look at using Security Onion, which includes a collection of OSS tools; it'll cover most of that stuff minus the firewall and MFA stuff. It's OSS but has paid support if that's a requirement: https://securityonionsolutions.com/. It'll also handle some of the EDR-type things if you're OK doing it more manually config-wise, but we use SentinelOne at work and it does a pretty decent job. Source: almost 3 years ago
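Several of the mentions above boil down to the same advice: mirror traffic into Security Onion, get Suricata and Zeek running, and look at the output. What you then do in the Hunt interface is pivot from a Suricata alert to the Zeek connection record it fired on. The block below is an added example (not Security Onion's, Suricata's or Zeek's own code) showing that join offline over constructed sample logs: a few Zeek conn.log lines in its TSV format and a few Suricata EVE JSON events. It joins on the Community ID flow hash, which both Zeek and Suricata can emit and which is direction-independent, so an alert that fired on the server's reply still lands on the same Zeek flow; the hash is recomputed here (TCP/UDP only, the ICMP variant is not implemented) so the example needs no running sensor. The hosts, ports, UIDs and signature IDs are all made up.

```python
"""Join Suricata EVE alerts to Zeek conn.log flows by Community ID.

Added example with constructed sample logs; not Security Onion's own code.
"""
import base64
import hashlib
import ipaddress
import json
import struct

PROTO_NUM = {"tcp": 6, "udp": 17}

# --- constructed sample data (not captured from a real network) --------------
ZEEK_CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\t"
    "duration\torig_bytes\tresp_bytes\tconn_state\n"
    "1700000000.100000\tCabc1\t10.0.0.5\t51234\t203.0.113.9\t80\ttcp\t12.5\t420\t98000\tSF\n"
    "1700000001.200000\tCabc2\t10.0.0.5\t51235\t203.0.113.9\t443\ttcp\t0.8\t1200\t5400\tSF\n"
    "1700000002.300000\tCabc3\t10.0.0.7\t40000\t198.51.100.4\t53\tudp\t0.01\t60\t-\tS0\n"
)
SURICATA_EVE = [json.dumps(e) for e in [
    # fired on the server's reply: src/dest are the reverse of the Zeek record
    {"event_type": "alert", "src_ip": "203.0.113.9", "src_port": 80,
     "dest_ip": "10.0.0.5", "dest_port": 51234, "proto": "TCP",
     "alert": {"signature_id": 1000001, "signature": "CONSTRUCTED response-side test rule"}},
    {"event_type": "flow", "src_ip": "10.0.0.5", "src_port": 51235,
     "dest_ip": "203.0.113.9", "dest_port": 443, "proto": "TCP"},
    {"event_type": "alert", "src_ip": "10.0.0.7", "src_port": 40000,
     "dest_ip": "198.51.100.4", "dest_port": 53, "proto": "UDP",
     "alert": {"signature_id": 1000002, "signature": "CONSTRUCTED DNS test rule"}},
    # no Zeek flow for this one (e.g. Zeek dropped it or it was BPF-filtered out)
    {"event_type": "alert", "src_ip": "10.0.0.9", "src_port": 5555,
     "dest_ip": "203.0.113.9", "dest_port": 22, "proto": "TCP",
     "alert": {"signature_id": 1000003, "signature": "CONSTRUCTED SSH test rule"}},
]]


def community_id_v1(saddr, sport, daddr, dport, proto, seed=0):
    """Community ID v1 for a TCP/UDP flow: SHA-1 over seed, addresses, proto
    and ports with the lower endpoint first, base64 encoded, '1:' prefix."""
    sa, da = ipaddress.ip_address(saddr).packed, ipaddress.ip_address(daddr).packed
    if (sa, sport) > (da, dport):            # canonical order makes the hash direction-independent
        sa, da, sport, dport = da, sa, dport, sport
    data = struct.pack("!H", seed) + sa + da + struct.pack("!BBHH", PROTO_NUM[proto.lower()], 0, sport, dport)
    return "1:" + base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def _count(v):
    """Zeek writes '-' for unset counts (e.g. resp_bytes on a one-way flow)."""
    return 0 if v == "-" else int(v)


def parse_zeek_conn(text):
    """Parse Zeek's TSV conn.log using its #fields header; tag each flow with its Community ID."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue
        else:
            if fields is None:
                raise ValueError("conn.log data before #fields header")
            rec = dict(zip(fields, line.split("\t")))
            rec["id.orig_p"], rec["id.resp_p"] = int(rec["id.orig_p"]), int(rec["id.resp_p"])
            rec["community_id"] = community_id_v1(rec["id.orig_h"], rec["id.orig_p"],
                                                  rec["id.resp_h"], rec["id.resp_p"], rec["proto"])
            records.append(rec)
    return records


def parse_eve(lines):
    """Keep only event_type=alert records from EVE JSON and tag them with the Community ID."""
    alerts = []
    for line in lines:
        ev = json.loads(line)
        if ev.get("event_type") != "alert":
            continue
        ev["community_id"] = community_id_v1(ev["src_ip"], ev["src_port"],
                                             ev["dest_ip"], ev["dest_port"], ev["proto"])
        alerts.append(ev)
    return alerts


def correlate(conns, alerts):
    """Return (alerts enriched with their Zeek flow, alerts with no matching Zeek flow)."""
    by_flow = {}
    for c in conns:
        by_flow.setdefault(c["community_id"], []).append(c)
    matched, unmatched = [], []
    for a in alerts:
        flows = by_flow.get(a["community_id"])
        if not flows:
            unmatched.append(a)     # worth a look: the NIDS saw traffic Zeek did not log
            continue
        for c in flows:
            matched.append({"sid": a["alert"]["signature_id"], "signature": a["alert"]["signature"],
                            "zeek_uid": c["uid"], "conn_state": c["conn_state"],
                            "bytes": _count(c["orig_bytes"]) + _count(c["resp_bytes"]),
                            "community_id": c["community_id"]})
    return matched, unmatched


if __name__ == "__main__":
    matched, unmatched = correlate(parse_zeek_conn(ZEEK_CONN_LOG), parse_eve(SURICATA_EVE))
    for m in matched:
        print(m)
    print("alerts with no Zeek flow:", [a["alert"]["signature_id"] for a in unmatched])
```

The unmatched list is the interesting edge case: an alert with no Zeek flow usually means the sensor dropped packets, Zeek was filtered differently from Suricata, or the BPF mentioned above excluded that traffic from one tool but not the other, so it is worth checking before trusting the enrichment.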
