Security Onion

Security Onion is a free and open Linux distribution for threat hunting, enterprise security monitoring, and log management. It includes a comprehensive suite of tools designed to work together to provide visibility into your network and host activity.

✨ Features

Security Onion includes everything you need to monitor your network and host systems:

• Security Onion Console (SOC): A unified web interface for analyzing security events and managing your grid.
• Elastic Stack: Powerful search backed by Elasticsearch.
• Intrusion Detection: Network-based IDS with Suricata and host-based monitoring with Elastic Fleet.
• Network Metadata: Detailed network metadata generated by Zeek or Suricata.
• Full Packet Capture: Retain and analyze raw network traffic with Suricata PCAP.

⭐ Security Onion Pro

For organizations and enterprises requiring advanced capabilities, Security Onion Pro offers additional features designed for scale and efficiency:

• Onion AI: Leverage powerful AI-driven insights to accelerate your analysis and investigations.
• Enterprise Features: Enhanced tools and integrations tailored for enterprise-grade security operations.

For more information, visit the Security Onion Pro page.

☁️ Cloud Deployment

Security Onion is available and ready to deploy in the AWS, Azure, and Google Cloud (GCP) marketplaces.

🚀 Getting Started

Goal	Resource
Download	Security Onion ISO
Requirements	Hardware Guide
Install	Installation Instructions
What's New	Release Notes

📖 Documentation & Support

For more detailed information, please visit our Documentation.

• FAQ: Frequently Asked Questions
• Community: Discussions & Support
• Training: Official Training

🤝 Contributing

We welcome contributions! Please see our CONTRIBUTING.md for guidelines on how to get involved.

🛡️ License

Security Onion is licensed under the terms of the license found in the LICENSE file.

---

Built with 🧅 by Security Onion Solutions.