Mike Reeves
b25b221076
Supersedes the pre-install placement (right after secrets_pillar) from
the previous commit, which was broken: salt's ext_pillar overlay
shadowed disk pillar's elasticsearch subtree before so-pillar-import
had populated PG, so elasticsearch.enabled.sls failed rendering on
ELASTICSEARCHMERGED.auth.users.so_elastic_user.pass — that key lives
in elasticsearch/auth.sls, which is on the importer's secrets
allowlist and never makes it into so_pillar.pillar_entry. The install
would then hang forever waiting for the elasticsearch container that
the broken state never deployed.
The new placement is right after the final state.highstate completes:
1. drop adv_postgres.sls flipping the flag to True
2. salt-call saltutil.refresh_pillar so the next state sees it
3. salt-call state.apply postgres.schema_pillar — deploys schema,
ALTERs role login passwords, installs psycopg2 into salt's
bundled python, runs so-pillar-import, writes
/opt/so/conf/so-yaml/mode=postgres
4. salt-call state.apply salt.master — re-renders engines.conf
with the pg_notify_pillar engine block, drops master.d
ext_pillar config, watch_in restarts salt-master and ext_pillar
takes over
verify_setup runs after this so its final checks see PG-canonical
mode in place. Same end state as the previous commit's intent, just
without the bootstrap chicken-and-egg.
Security Onion
Security Onion is a free and open Linux distribution for threat hunting, enterprise security monitoring, and log management. It includes a comprehensive suite of tools designed to work together to provide visibility into your network and host activity.
✨ Features
Security Onion includes everything you need to monitor your network and host systems:
- Security Onion Console (SOC): A unified web interface for analyzing security events and managing your grid.
- Elastic Stack: Powerful search backed by Elasticsearch.
- Intrusion Detection: Network-based IDS with Suricata and host-based monitoring with Elastic Fleet.
- Network Metadata: Detailed network metadata generated by Zeek or Suricata.
- Full Packet Capture: Retain and analyze raw network traffic with Suricata PCAP.
⭐ Security Onion Pro
For organizations and enterprises requiring advanced capabilities, Security Onion Pro offers additional features designed for scale and efficiency:
- Onion AI: Leverage powerful AI-driven insights to accelerate your analysis and investigations.
- Enterprise Features: Enhanced tools and integrations tailored for enterprise-grade security operations.
For more information, visit the Security Onion Pro page.
☁️ Cloud Deployment
Security Onion is available and ready to deploy in the AWS, Azure, and Google Cloud (GCP) marketplaces.
🚀 Getting Started
| Goal | Resource |
|---|---|
| Download | Security Onion ISO |
| Requirements | Hardware Guide |
| Install | Installation Instructions |
| What's New | Release Notes |
📖 Documentation & Support
For more detailed information, please visit our Documentation.
- FAQ: Frequently Asked Questions
- Community: Discussions & Support
- Training: Official Training
🤝 Contributing
We welcome contributions! Please see our CONTRIBUTING.md for guidelines on how to get involved.
🛡️ License
Security Onion is licensed under the terms of the license found in the LICENSE file.
Built with 🧅 by Security Onion Solutions.