Search the Community

Security Onion is a free and open-source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes! Below are several diagrams to represent the current architecture and deployment scenarios for Security Onion on the Elastic Stack. Changelog v2.3.110 FEATURE: Full ECS data type compliance #6747 FEATURE: Intrusion Detection Honeypot Node #7138 FEATURE: Multi-Factor Authentication (MFA) for Security Onion #7316 FEATURE: Populate Zeek’s networks.cfg with $HOME_NET #6854 FEATURE: SOC authentication logs will now be ingested into Elasticsearch #7354 FEATURE: sort indices list alphabetically by index name #6969 FIX: ACNG should clear the cache on restart #7114 FIX: Abort so-user sync if Kratos database is locked #7459 FIX: Add Endgame Index settings to the global.sls on new installs #7293 FIX: Allow downgrades during docker_install #7228 FIX: Avoid telegraf apparmor issues #2560 FIX: Composable Templates #4644 FIX: Increase minimum password length from 6 to 8 characters #7352 FIX: Navigator should ship with all needed files #1162 FIX: Prevent Elasticsearch deprecation notices from causing installation failures #7353 FIX: Random passwords generated at setup contain character combinations that cause problems with some containers #7233 FIX: curator should exclude so-case* indices #7270 FIX: so-ip-update needs to update Kibana dashboards #7237 FIX: so-status TTY improvements #7355 UPGRADE: Elastic 7.17.1 #7137 UPGRADE: FleetDM to 4.10.0 #7245 UPGRADE: Grafana 8.4.1 #7281 UPGRADE: Kratos 0.8.2-alpha.1 #7351 [hide][Hidden Content]]