diff --git a/setup/so-functions b/setup/so-functions
index 6745884ea..68aa7c76d 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -398,6 +398,13 @@ collect_hostname() {
 
 	whiptail_set_hostname "$HOSTNAME"
 
+
+	if [[ $HOSTNAME == 'securityonion' ]]; then # Will only check HOSTNAME=securityonion once
+		if ! (whiptail_avoid_default_hostname); then
+			whiptail_set_hostname
+		fi
+	fi
+
 	while ! valid_hostname "$HOSTNAME"; do
 		whiptail_invalid_hostname
 		whiptail_set_hostname "$HOSTNAME"
diff --git a/setup/so-whiptail b/setup/so-whiptail
index c471fa47d..d87723826 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -28,6 +28,14 @@ whiptail_airgap() {
 	whiptail_check_exitstatus $exitstatus
 }
 
+whiptail_avoid_default_hostname() {
+	[ -n "$TESTING" ] && return
+
+	whiptail --title "Security Onion Setup" \
+		--yesno "We suggest avoiding the default hostname of 'securityonion' in a distributed environment." 8 75 \
+		--yes-button "Use" --no-button "Change" --defaultno
+}
+
 whiptail_basic_suri() {
 
 	[ -n "$TESTING" ] && return